CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Nt » 4.0 SP2 Workstation : Security Vulnerabilities

Cpe Name:cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4609 16 DoS 2008-10-20 2013-10-10
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
2 CVE-2006-2379 Exec Code Overflow 2006-06-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
3 CVE-2006-1591 Exec Code Overflow 2006-04-03 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
4 CVE-2006-1184 DoS 2006-05-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
5 CVE-2006-0034 119 Exec Code Overflow 2006-05-09 2011-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
6 CVE-2006-0010 119 Exec Code Overflow 2006-01-10 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
7 CVE-2005-1184 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.
8 CVE-2005-0416 Exec Code Overflow 2005-04-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
9 CVE-2005-0045 Exec Code 2005-05-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
10 CVE-2004-1361 Exec Code Overflow 2004-12-23 2008-09-05
5.0
None Remote Low Not required None Partial None
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
11 CVE-2004-1306 Exec Code Overflow 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
12 CVE-2004-1305 DoS 2004-12-23 2008-09-10
5.0
None Remote Low Not required None None Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
13 CVE-2004-0901 Exec Code 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
14 CVE-2004-0893 +Priv 2005-01-10 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
15 CVE-2004-0571 Exec Code 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
16 CVE-2004-0568 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
17 CVE-2004-0201 Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
18 CVE-2003-0818 Exec Code Overflow 2004-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
19 CVE-2003-0813 DoS 2003-11-17 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
20 CVE-2003-0717 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
21 CVE-2003-0715 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
22 CVE-2003-0711 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
23 CVE-2003-0661 +Info 2003-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
24 CVE-2003-0660 Exec Code 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
25 CVE-2003-0659 Exec Code Overflow 2003-11-17 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
26 CVE-2003-0528 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
27 CVE-2003-0352 Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
28 CVE-2003-0345 DoS Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
29 CVE-2003-0112 Overflow +Priv 2003-05-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
30 CVE-2003-0010 Exec Code Overflow 2003-03-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
31 CVE-2003-0003 Exec Code Overflow 2003-02-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
32 CVE-2002-2401 264 Bypass 2002-12-31 2008-09-10
3.6
None Local Low Not required Partial Partial None
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
33 CVE-2002-2028 2002-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
34 CVE-2002-1712 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
35 CVE-2002-1561 DoS 2003-04-02 2008-09-10
5.0
None Remote Low Not required None None Partial
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
36 CVE-2002-1325 2002-12-23 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
37 CVE-2002-1260 Bypass 2002-12-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
38 CVE-2002-1258 2002-12-23 2008-09-10
5.0
None Remote Low Not required Partial None None
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
39 CVE-2002-1257 Exec Code 2002-12-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
40 CVE-2002-1184 +Priv 2002-11-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
41 CVE-2002-0724 DoS Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
42 CVE-2002-0694 Exec Code 2002-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
43 CVE-2002-0693 Exec Code Overflow 2002-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
44 CVE-2002-0366 Exec Code Overflow 2002-07-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
45 CVE-2001-1288 DoS 2001-07-27 2008-09-10
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
46 CVE-2001-0341 Exec Code Overflow 2001-07-21 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
47 CVE-2000-1227 DoS 2000-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
Total number of vulnerabilities : 47   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.