Microsoft Windows Nt vulnerabilities

CVE-2002-0699 [MEDIUM] CVE-2002-0699: Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.

CVE-2002-0724 [HIGH] CVE-2002-0724: Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Wi Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".

CVE-2002-0725 [MEDIUM] CWE-59 CVE-2002-0725: NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage ac NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

CVE-2002-0391 [CRITICAL] CWE-190 CVE-2002-0391: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVE-2002-0421 [MEDIUM] CVE-2002-0421: IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by dire IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

CVE-2002-0366 [HIGH] CVE-2002-0366: Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing a Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

CVE-2002-0367 [HIGH] CWE-269 CVE-2002-0367: smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CVE-2002-0151 [HIGH] CVE-2002-0151: Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local u Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

CVE-2002-0070 [HIGH] CWE-119 CVE-2002-0070: Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote atta Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

CVE-2002-0053 [HIGH] CVE-2002-0053: Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windo Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-

CVE-2001-0663 [MEDIUM] CVE-2001-0663: Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.

CVE-2001-0662 [MEDIUM] CVE-2001-0662: RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.

CVE-2001-0509 [MEDIUM] CWE-20 CVE-2001-0509: Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

CVE-2001-0543 [MEDIUM] CWE-401 CVE-2001-0543: Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a de Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

CVE-2001-1452 [HIGH] CWE-346 CVE-2001-1452: By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from n By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

CVE-2000-1200 [MEDIUM] CVE-2000-1200: Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with th Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

CVE-2001-1122 [LOW] CVE-2001-1122: Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of se Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

CVE-2001-1288 [LOW] CVE-2001-1288: Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

CVE-2001-0341 [HIGH] CVE-2001-0341: Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.

CVE-2001-1244 [MEDIUM] CVE-2001-1244: Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth an Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.