Windows NT 4.0 beta allows users to read and delete shares.
Max CVSS
10.0
EPSS Score
0.35%
Published
1999-01-19
Updated
2022-08-17
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
Max CVSS
10.0
EPSS Score
0.54%
Published
1999-01-01
Updated
2022-08-17
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
Max CVSS
10.0
EPSS Score
0.47%
Published
1999-01-01
Updated
2022-08-17
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
Max CVSS
10.0
EPSS Score
0.94%
Published
1999-05-17
Updated
2018-10-12
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
Max CVSS
10.0
EPSS Score
0.35%
Published
1997-01-01
Updated
2022-08-17
A system-critical Windows NT file or directory has inappropriate permissions.
Max CVSS
10.0
EPSS Score
0.25%
Published
1999-01-01
Updated
2022-08-17
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
Max CVSS
10.0
EPSS Score
0.35%
Published
1999-01-01
Updated
2022-08-17
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
Max CVSS
10.0
EPSS Score
0.35%
Published
1999-01-01
Updated
2022-08-17
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
Max CVSS
10.0
EPSS Score
0.35%
Published
1999-01-01
Updated
2022-08-17
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
Max CVSS
10.0
EPSS Score
0.25%
Published
1999-01-01
Updated
2022-08-17
A system does not present an appropriate legal message or warning to a user who is accessing it.
Max CVSS
10.0
EPSS Score
0.30%
Published
2000-06-01
Updated
2022-08-17

CVE-1999-0874

Public exploit
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Max CVSS
10.0
EPSS Score
90.74%
Published
1999-06-16
Updated
2018-10-12
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
Max CVSS
10.0
EPSS Score
0.41%
Published
1999-11-18
Updated
2018-08-13

CVE-2000-1089

Public exploit
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Max CVSS
10.0
EPSS Score
96.97%
Published
2001-01-09
Updated
2018-10-12
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
Max CVSS
10.0
EPSS Score
0.45%
Published
2001-02-16
Updated
2018-10-12
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
Max CVSS
10.0
EPSS Score
3.72%
Published
2002-03-08
Updated
2018-10-12
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Max CVSS
10.0
EPSS Score
85.02%
Published
2002-08-12
Updated
2024-02-08
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
Max CVSS
10.0
EPSS Score
2.28%
Published
2002-12-23
Updated
2019-04-30
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
Max CVSS
10.0
EPSS Score
69.64%
Published
2003-09-17
Updated
2019-04-30
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Max CVSS
10.0
EPSS Score
70.33%
Published
2003-09-17
Updated
2019-04-30
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Max CVSS
10.0
EPSS Score
62.97%
Published
2004-07-27
Updated
2024-02-02
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
Max CVSS
10.0
EPSS Score
1.71%
Published
2004-08-06
Updated
2019-04-30
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
Max CVSS
10.0
EPSS Score
86.09%
Published
2004-08-06
Updated
2019-04-30
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Max CVSS
10.0
EPSS Score
9.21%
Published
2005-01-10
Updated
2019-04-30
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
Max CVSS
10.0
EPSS Score
15.46%
Published
2005-01-10
Updated
2019-04-30
38 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!