MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in...
7AI Score
0.009EPSS
7.2AI Score
0.003EPSS
6.6AI Score
0.003EPSS
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of...
7AI Score
0.005EPSS
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry...
7.1AI Score
0.0004EPSS
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a...
6.9AI Score
0.005EPSS
7AI Score
0.0004EPSS
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry...
7.1AI Score
0.003EPSS
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical...
7AI Score
0.002EPSS
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging...
6.6AI Score
0.003EPSS
7AI Score
0.002EPSS
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log...
7.1AI Score
0.165EPSS
6.8AI Score
0.003EPSS
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or...
7.1AI Score
0.003EPSS
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be...
6.5AI Score
0.0004EPSS
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack...
6.7AI Score
0.017EPSS
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print...
7.6AI Score
0.0005EPSS
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler...
7.4AI Score
0.005EPSS
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier...
7AI Score
0.02EPSS
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook...
7.3AI Score
0.001EPSS
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA...
7AI Score
0.004EPSS
7.2AI Score
0.0005EPSS
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image...
6.9AI Score
0.004EPSS
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control...
7AI Score
0.002EPSS
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password"...
7.2AI Score
0.008EPSS
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini...
7.1AI Score
0.0004EPSS
7AI Score
0.006EPSS
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer"...
7AI Score
0.008EPSS
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user...
6.9AI Score
0.007EPSS
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control...
7AI Score
0.004EPSS
6.6AI Score
0.004EPSS
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is...
7.2AI Score
0.0005EPSS
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain...
7AI Score
0.004EPSS
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated...
7AI Score
0.0005EPSS
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash...
7AI Score
0.01EPSS
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a...
7.1AI Score
0.004EPSS
7AI Score
0.002EPSS
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX...
6.8AI Score
0.0004EPSS
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not...
7AI Score
0.002EPSS
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious...
6.9AI Score
0.0005EPSS