Microsoft Windows Nt vulnerabilities

CVE-2001-0238 [HIGH] CVE-2001-0238: Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

CVE-2001-0373 [LOW] CVE-2001-0373: The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dm The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.

CVE-2001-0016 [HIGH] CVE-2001-0016: NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an L NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

CVE-2001-0017 [MEDIUM] CVE-2001-0017: Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service vi Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.

CVE-2001-0045 [CRITICAL] CVE-2001-0045: The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execu The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.

CVE-2001-0047 [HIGH] CVE-2001-0047: The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows loc The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.

CVE-2001-0046 [MEDIUM] CVE-2001-0046: The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attacke The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.

CVE-2001-0006 [HIGH] CWE-732 CVE-2001-0006: The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control per The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.

CVE-2000-1089 [CRITICAL] CVE-2000-1089: Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, ak Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

CVE-2000-1149 [HIGH] CVE-2000-1149: Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to exec Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

CVE-2000-1039 [MEDIUM] CVE-2000-1039: Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service b Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security com

CVE-2000-1227 [MEDIUM] CVE-2000-1227: Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailab Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.

CVE-2000-0885 [HIGH] CVE-2000-0885: Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary c Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candid

CVE-1999-1579 [MEDIUM] CVE-1999-1579: The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.

CVE-2000-0858 [MEDIUM] CVE-2000-0858: Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in II Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

CVE-2000-1079 [HIGH] CVE-2000-1079: Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 9 Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

CVE-2000-0673 [MEDIUM] CVE-2000-0673: The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attacke The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

CVE-2000-0663 [MEDIUM] CVE-2000-0663: The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 us The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

CVE-1999-0585 [LOW] CVE-1999-0585: A Windows NT administrator account has the default name of Administrator. A Windows NT administrator account has the default name of Administrator.

CVE-2000-0377 [MEDIUM] CVE-2000-0377: The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of s The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.