Microsoft » Windows Nt : Security Vulnerabilities, CVEs, Published In 1999

Windows NT 4.0 beta allows users to read and delete shares.

Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

A system-critical Windows NT file or directory has inappropriate permissions.

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.