Windows Nt Security Vulnerabilities

CVE-1999-0119

Windows NT 4.0 beta allows users to read and delete shares.

CVE-1999-0140

Denial of service in RAS/PPTP on NT systems.

CVE-1999-0224

Denial of service in Windows NT messenger service through a long username.

CVE-1999-0226

Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.

CVE-1999-0285

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

CVE-1999-0366

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

CVE-1999-0376

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

CVE-1999-0382

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

CVE-1999-0384

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

CVE-1999-0391

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

CVE-1999-0444

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

CVE-1999-0489

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

CVE-1999-0549

Windows NT automatically logs in an administrator upon rebooting.

CVE-1999-0560

A system-critical Windows NT file or directory has inappropriate permissions.

CVE-1999-0570

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

CVE-1999-0577

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

CVE-1999-0578

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

CVE-1999-0579

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

CVE-1999-0581

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

CVE-1999-0585

A Windows NT administrator account has the default name of Administrator.

CVE-1999-0590

A system does not present an appropriate legal message or warning to a user who is accessing it.

CVE-1999-0593

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

CVE-1999-0595

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

CVE-1999-0700

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

CVE-1999-0701

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

CVE-1999-0715

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

CVE-1999-0716

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

CVE-1999-0717

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

CVE-1999-0721

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

CVE-1999-0723

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

CVE-1999-0726

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

CVE-1999-0728

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

CVE-1999-0755

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

CVE-1999-0815

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

CVE-1999-0824

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

CVE-1999-0886

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

CVE-1999-0898

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

CVE-1999-0899

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

CVE-1999-0909

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

CVE-1999-0918

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

CVE-1999-0975

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

CVE-1999-0980

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

CVE-1999-0987

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

CVE-1999-0994

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

CVE-1999-0995

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

CVE-1999-1084

The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.

CVE-1999-1127

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.