Microsoft: >> Windows Nt >> 4.0 Security Vulnerabilities
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-12-10
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
CVSS Score
5.0
EPSS Score
0.481
Published
1999-12-01
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-11-30
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
CVSS Score
10.0
EPSS Score
0.055
Published
1999-11-18
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
CVSS Score
5.0
EPSS Score
0.166
Published
1999-11-17
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
CVSS Score
7.2
EPSS Score
0.038
Published
1999-11-04
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVSS Score
7.2
EPSS Score
0.024
Published
1999-11-04
LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
CVSS Score
5.0
EPSS Score
0.153
Published
1999-10-26
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
CVSS Score
7.5
EPSS Score
0.042
Published
1999-09-20
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
CVSS Score
9.0
EPSS Score
0.38
Published
1999-09-17