| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. |
| Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. |
| Predictable TCP sequence numbers allow spoofing. |
| Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. |
| The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities. |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities. |
| Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. |
| Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. |
| The Windows NT guest account is enabled. |
| The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. |
| The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. |
| A Windows NT domain user or administrator account has a guessable password. |
| Denial of service through Winpopup using large user names. |
| Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
