| CVE | Vendors | Products | Updated | CVSS v3.1 |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| Windows NT 4.0 beta allows users to read and delete shares. |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
| Denial of service through Winpopup using large user names. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| Windows NT automatically logs in an administrator upon rebooting. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |
| The Windows NT guest account is enabled. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. |
| The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. |
| A NETBIOS/SMB share password is the default, null, or missing. |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. |
| Denial of service in Windows NT messenger service through a long username. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |