National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_nt:4.0:sp6:server
There are 254 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-1999-1132

Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1157

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1222

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1358

When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-1999-1359

When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-1360

Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1362

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1363

Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1364

Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1452

GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1455

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-0994

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Published: December 16, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0995

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Published: December 16, 1999; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-1999-0975

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Published: December 10, 1999; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Published: December 01, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0824

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

Published: November 30, 1999; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-1999-0987

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Published: November 18, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-0073

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Published: November 17, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0898

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Published: November 04, 1999; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-1999-0899

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Published: November 04, 1999; 12:00:00 AM -05:00
    V2: 7.2 HIGH