Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
AI Score: 7
EPSS: 0.005
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
AI Score: 6.9
EPSS: 0.005
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
AI Score: 7
EPSS: 0.01
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
AI Score: 7
EPSS: 0.002
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
AI Score: 6.9
EPSS: 0.0005
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
AI Score: 7
EPSS: 0.0005
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
AI Score: 6.8
EPSS: 0.0004
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
AI Score: 7.1
EPSS: 0.004
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
AI Score: 7.1
EPSS: 0.165
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
AI Score: 7
EPSS: 0.009
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
AI Score: 7.1
EPSS: 0.003
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
AI Score: 7.1
EPSS: 0.0004
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
AI Score: 7.1
EPSS: 0.003
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
AI Score: 7
EPSS: 0.002
A system does not present an appropriate legal message or warning to a user who is accessing it.
AI Score: 6.9
EPSS: 0.003
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
AI Score: 6.6
EPSS: 0.003
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
AI Score: 6.5
EPSS: 0.0004
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
AI Score: 7.1
EPSS: 0.0004
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
AI Score: 6.4
EPSS: 0.001
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
AI Score: 7.3
EPSS: 0.001
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
AI Score: 7
EPSS: 0.004
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
AI Score: 6.9
EPSS: 0.007
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
AI Score: 6.9
EPSS: 0.004
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
AI Score: 7
EPSS: 0.002
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
AI Score: 7.2
EPSS: 0.008
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
AI Score: 7
EPSS: 0.013
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
AI Score: 7
EPSS: 0.002
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
AI Score: 6.8
EPSS: 0.0004
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
AI Score: 6.9
EPSS: 0.907
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
AI Score: 7
EPSS: 0.004
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
AI Score: 7.4
EPSS: 0.005
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
AI Score: 7.6
EPSS: 0.0005
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
AI Score: 7
EPSS: 0.008
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
AI Score: 6.6
EPSS: 0.004
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
AI Score: 7.2
EPSS: 0.0005
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
AI Score: 6.6
EPSS: 0.084
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
AI Score: 7
EPSS: 0.004
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
AI Score: 6.7
EPSS: 0.017
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
AI Score: 7
EPSS: 0.02
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
AI Score: 6.6
EPSS: 0.001
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
CVSS: 7.5
AI Score: 7
EPSS: 0.947