| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Windows NT guest account is enabled. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| A NETBIOS/SMB share password is the default, null, or missing. |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| A Windows NT domain user or administrator account has a guessable password. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| Denial of service in Windows NT messenger service through a long username. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. |
| Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. |
| The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. |
| Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. |
| Denial of service in various Windows systems via malformed, fragmented IGMP packets. |
| The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash. |
| Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. |
| Windows NT 4.0 beta allows users to read and delete shares. |