CVE-1999-0995
published 1999-12-16CVE-1999-0995: Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which…
PriorityP428high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
21.82%
97.3th percentile
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Windows NT 4.0 Local Security Authority Subsystem LsaLookupSids input validation (MS99-057 / XFDB-3759)
vuldb·2026-04-19·CVSS 7.8
CVE-1999-0995 [HIGH] Microsoft Windows NT 4.0 Local Security Authority Subsystem LsaLookupSids input validation (MS99-057 / XFDB-3759)
A vulnerability, which was classified as problematic, has been found in Microsoft Windows NT 4.0. The affected element is the function LsaLookupSids of the component Local Security Authority Subsystem. The manipulation leads to improper input validation.
This vulnerability is referenced as CVE-1999-0995. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
GHSA
GHSA-m7p3-89hq-9rch: Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function w
ghsa_unreviewed·2022-04-30
CVE-1999-0995 [HIGH] CWE-20 GHSA-m7p3-89hq-9rch: Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function w
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ248185http://www.securityfocus.com/bid/875https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-057http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ248185http://www.securityfocus.com/bid/875https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-057
1999-12-16
Published