Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-02-20
Updated
2018-10-12
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-01-01
Updated
2018-10-12
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
Max CVSS
4.6
EPSS Score
0.04%
Published
1997-01-01
Updated
2022-08-17
The Windows NT guest account is enabled.
Max CVSS
4.6
EPSS Score
0.04%
Published
1998-10-01
Updated
2022-08-17
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-01-01
Updated
2022-08-17
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
Max CVSS
4.9
EPSS Score
0.29%
Published
1999-01-01
Updated
2017-07-11
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
Max CVSS
4.0
EPSS Score
2.92%
Published
1999-09-01
Updated
2021-07-22
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
Max CVSS
4.0
EPSS Score
0.24%
Published
1999-09-01
Updated
2021-07-22
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-05-20
Updated
2018-10-12
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-05-17
Updated
2018-10-12
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
Max CVSS
4.6
EPSS Score
0.06%
Published
1999-10-01
Updated
2018-10-12
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-11-30
Updated
2008-09-09
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
Max CVSS
4.3
EPSS Score
0.71%
Published
1999-10-01
Updated
2021-07-22
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-12-10
Updated
2008-09-09
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
Max CVSS
4.3
EPSS Score
0.98%
Published
1999-11-19
Updated
2018-10-12
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-12-31
Updated
2018-10-12
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-31
Updated
2016-10-18
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
Max CVSS
4.6
EPSS Score
0.04%
Published
1997-07-25
Updated
2017-10-10
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-08-25
Updated
2021-07-22
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-31
Updated
2017-10-10
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
Max CVSS
4.6
EPSS Score
0.05%
Published
1998-11-12
Updated
2021-04-09
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-12-31
Updated
2008-09-05
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-05-06
Updated
2021-07-22
ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe.
Max CVSS
4.6
EPSS Score
0.13%
Published
2005-01-07
Updated
2016-10-18
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
Max CVSS
4.6
EPSS Score
0.07%
Published
2000-02-14
Updated
2008-09-10
835 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!