Microsoft » Windows Nt : Security Vulnerabilities, CVEs, CVSS score >= 7
CVE-2010-0232
Known exploited
Public exploit
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
Max CVSS
7.2
EPSS Score
0.05%
Published
2010-01-21
Updated
2023-12-07
CISA KEV Added
2022-03-03
CVE-2006-0988
Public exploit
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Max CVSS
7.8
EPSS Score
1.48%
Published
2006-03-03
Updated
2018-10-18
CVE-2004-1080
Public exploit
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
Max CVSS
10.0
EPSS Score
96.85%
Published
2005-01-10
Updated
2019-04-30
CVE-2004-0206
Public exploit
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Max CVSS
7.5
EPSS Score
22.19%
Published
2004-11-03
Updated
2018-10-12
CVE-2003-0818
Public exploit
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Max CVSS
7.5
EPSS Score
97.36%
Published
2004-03-03
Updated
2019-04-30
CVE-2003-0719
Public exploit
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
Max CVSS
7.5
EPSS Score
95.57%
Published
2004-06-01
Updated
2018-10-12
CVE-2003-0533
Public exploit
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Max CVSS
7.5
EPSS Score
97.21%
Published
2004-06-01
Updated
2018-10-12
CVE-2003-0352
Public exploit
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
Max CVSS
7.5
EPSS Score
97.16%
Published
2003-08-18
Updated
2019-04-30
CVE-2000-1089
Public exploit
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Max CVSS
10.0
EPSS Score
96.97%
Published
2001-01-09
Updated
2018-10-12
CVE-1999-0874
Public exploit
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Max CVSS
10.0
EPSS Score
90.74%
Published
1999-06-16
Updated
2018-10-12
CVE-1999-0506
Public exploit
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
Max CVSS
7.2
EPSS Score
0.08%
Published
1998-10-01
Updated
2022-08-17
CVE-1999-0504
Public exploit
A Windows NT local user or administrator account has a default, null, blank, or missing password.
Max CVSS
7.5
EPSS Score
0.55%
Published
1997-01-01
Updated
2022-08-17
CVE-1999-0256
Public exploit
Buffer overflow in War FTP allows remote execution of commands.
Max CVSS
7.5
EPSS Score
96.21%
Published
1998-02-01
Updated
2008-09-09
13 vulnerabilities found