Summary
Field | Value | Field | Value |
---|---|---|---|
Vendor | Microsoft | First view | 1997-07-10 |
Product | Windows NT | Last view | 2006-05-09 |
Version | 4.0 | Type | OS |
Update | sp5 | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:microsoft:windows_nt | | |
Related : CVE
CVSS | Date | CVE | Description |
---|---|---|---|
5 | 2006-05-09 | CVE-2006-1184 | Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. |
7.5 | 2006-05-09 | CVE-2006-0034 | Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. |
9.3 | 2006-01-10 | CVE-2006-0010 | Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. |
10 | 2005-01-10 | CVE-2004-0900 | The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability." |
5 | 2005-01-10 | CVE-2004-0899 | The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability." |
10 | 2005-01-10 | CVE-2004-0568 | HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. |
5 | 2001-08-31 | CVE-2000-1200 | Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. |
2.1 | 2001-08-03 | CVE-2001-1122 | Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. |
5 | 2001-07-07 | CVE-2001-1244 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. |
5 | 2001-03-12 | CVE-2001-0017 | Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. |
7.2 | 2001-03-12 | CVE-2001-0016 | NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. |
3.6 | 2000-02-01 | CVE-2000-0121 | The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. |
7.2 | 2000-01-12 | CVE-2000-0070 | NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." |
7.5 | 1999-12-31 | CVE-1999-1455 | RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. |
2.1 | 1999-12-31 | CVE-1999-1362 | Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. |
4.6 | 1999-12-31 | CVE-1999-1317 | Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. |
5 | 1999-12-31 | CVE-1999-1157 | Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. |
5 | 1999-12-31 | CVE-1999-0815 | Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
4.6 | 1999-11-30 | CVE-1999-0824 | A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. |
7.2 | 1999-11-04 | CVE-1999-0899 | The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. |
7.2 | 1999-11-04 | CVE-1999-0898 | Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. |
7.5 | 1999-09-20 | CVE-1999-0909 | Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. |
9 | 1999-09-17 | CVE-1999-0886 | The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. |
5 | 1999-08-24 | CVE-2000-0328 | Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. |
5 | 1999-07-23 | CVE-1999-0224 | Denial of service in Windows NT messenger service through a long username. |
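The predictable-ISN weakness listed above as CVE-2000-0328 is one of the few entries on this page that can be measured from outside before trusting a legacy host. The following Python is an added example, not code from this page, from Microsoft, or from any scanner named here: it assumes you have already sampled successive TCP initial sequence numbers from the target (for instance from a packet capture of repeated SYN/SYN-ACK exchanges), classifies how predictable the generator is, and, where the generator is a fixed increment, returns the next value a blind spoofer could guess. The two sample ISN lists and the jitter threshold are constructed for illustration.

```python
import math
from statistics import pstdev

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap

# Constructed samples (not captured from a real host). The first mimics a
# generator that adds a fixed amount per connection, the kind of scheme
# CVE-2000-0328 describes; the second stands in for a randomised generator.
FIXED_INCREMENT_ISNS = [0x1A2B3C4D + 64000 * i for i in range(6)]
RANDOM_LOOKING_ISNS = [0x9E3779B9, 0x12345678, 0xDEADBEEF,
                       0x0BADF00D, 0x7FFFFFFF, 0xC0FFEE00]

# Assumption: deltas that vary by less than this (in sequence-number units)
# are treated as a timer-driven generator, which is still guessable.
TIME_JITTER_LIMIT = 2 ** 16


def isn_deltas(isns):
    """Differences between successive ISNs, taken modulo 2**32 so that a
    wrap past 0xFFFFFFFF still yields the true increment."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def isn_predictability(isns):
    """Classify a run of sampled ISNs.

    Returns (label, step, stddev): step is the greatest common divisor of
    the deltas (the granularity of the generator) and stddev measures how
    much the deltas vary. Zero variance means every next value is
    computable from the previous one.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    step = 0
    for d in deltas:
        step = math.gcd(step, d)
    spread = pstdev(deltas)
    if spread == 0:
        label = "constant" if deltas[0] == 0 else "fixed-increment"
    elif spread < TIME_JITTER_LIMIT:
        label = "time-dependent"
    else:
        label = "random-looking"
    return label, step, spread


def predict_next_isn(isns):
    """What a blind spoofer would guess for the next connection's ISN.

    Only meaningful for a constant or fixed-increment generator; returns
    None otherwise so a caller never acts on a bad guess.
    """
    label, _, _ = isn_predictability(isns)
    if label not in ("constant", "fixed-increment"):
        return None
    return (isns[-1] + isn_deltas(isns)[-1]) % MOD


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_INCREMENT_ISNS),
                         ("random", RANDOM_LOOKING_ISNS)):
        label, step, spread = isn_predictability(sample)
        print(f"{name}: {label}, step={step}, stddev={spread:.0f}, "
              f"next guess={predict_next_isn(sample)}")
```

A real assessment needs many more than six samples and should sample at a steady rate, because a timer-driven generator only looks random when the sampling interval itself is irregular; the classification here is deliberately coarse and is not the index nmap computes.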
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
22% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
22% (2) | CWE-20 | Improper Input Validation |
11% (1) | CWE-255 | Credentials Management |
11% (1) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
59513 | Microsoft Windows NT winnt/system32 Write Access Local DoS (NT4ALL) |
59260 | Microsoft Windows NT SNMP Agent Query Saturation Remote DoS |
25336 | Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Req... |
25335 | Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServ... |
18829 | Microsoft Windows Open Type (EOT) Font Handling Remote Overflow |
12377 | Microsoft Windows NT DHCP Message Length Remote Overflow |
12374 | Microsoft Windows HyperTerminal Session File Remote Overflow |
12371 | Microsoft Windows NT Malformed DHCP Packet Remote Overflow DoS |
11474 | Microsoft Windows NT CSRSS Thread Exhaustion DoS |
11473 | Microsoft Windows NT Messenger Service Long Username DoS |
11409 | Windows NT RRAS/RAS Client Persistent Password Caching |
11156 | Microsoft Windows NT tcpip.sys Malformed ICMP Request DoS |
11068 | Windows NT Win32k.sys Incorrect Parameter Local DoS |
10616 | Microsoft Windows NT Fragmented IP Packet Firewall Restriction Bypass |
10385 | Multiple TCP Implementation Mismatched MSS DoS |
8334 | Microsoft Windows NT \?? Object Folder Symlink Privilege Escalation |
7576 | Microsoft Windows NT RSHSVC .Rhosts Unauthorized Access |
1214 | Microsoft Windows NT Recycle Bin Deleted File Access |
1199 | NT NtImpersonateClientOfPort LPC Privilege Escalation |
1147 | NT Subst.exe Arbitrary Folder Modification |
1135 | Microsoft Windows NT Print Spooler Alternate Print Provider Arbitrary Command... |
1134 | Microsoft Windows NT Print Spooler Malformed Request Overflow |
1076 | Microsoft Windows IP Source Routing |
1075 | Microsoft Windows NT RASMAN Path Subversion Privilege Escalation |
1059 | NT Predictable TCP Sequence Number |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext little endian object call heap overflow ... RuleID : 6466 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext object call heap overflow attempt RuleID : 6465 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext little endian object call heap overflow attempt RuleID : 6464 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext object call heap overflow attempt RuleID : 6463 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext little endian heap overflow attempt RuleID : 6462 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext heap overflow attempt RuleID : 6461 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow attempt RuleID : 6460 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6459 - Type : NETBIOS - Revision : 6 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6458 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext little endian heap overflow attempt RuleID : 6457 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt RuleID : 6456 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt RuleID : 6455 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW object call heap overflow attempt RuleID : 6454 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW little endian object call heap overflow att... RuleID : 6453 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW little endian object call heap overflow... RuleID : 6452 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW object call heap overflow attempt RuleID : 6451 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow attempt RuleID : 6450 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW heap overflow attempt RuleID : 6449 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt RuleID : 6448 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW heap overflow attempt RuleID : 6447 - Type : NETBIOS - Revision : 5 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6446 - Type : NETBIOS - Revision : 6 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6445 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt RuleID : 6444 - Type : OS-WINDOWS - Revision : 13 |
2014-01-10 | DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt RuleID : 6443 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW object call invalid second uuid size at... RuleID : 6442 - Type : NETBIOS - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-09-15 | Name: It is possible to obtain the host SID for the remote host, without credentials. File: smb_host2sid_null_session.nasl - Type: ACT_GATHER_INFO |
2011-09-15 | Name: Nessus was able to enumerate local users, without credentials. File: smb_sid2localuser_null_session.nasl - Type: ACT_GATHER_INFO |
2006-05-10 | Name: A vulnerability in MSDTC could allow remote code execution. File: smb_kb913580.nasl - Type: ACT_GATHER_INFO |
2006-05-09 | Name: It is possible to crash the remote MSDTC service. File: smb_nt_ms06-018.nasl - Type: ACT_GATHER_INFO |
2006-01-10 | Name: Arbitrary code can be executed on the remote host by sending a malformed file... File: smb_nt_ms06-002.nasl - Type: ACT_GATHER_INFO |
2006-01-03 | Name: Arbitrary code can be executed on the remote host through the DHCP service. File: smb_kb885249.nasl - Type: ACT_GATHER_INFO |
2004-12-14 | Name: Arbitrary code can be executed on the remote host via the DHCP service. File: smb_nt_ms04-042.nasl - Type: ACT_GATHER_INFO |
2004-12-14 | Name: Arbitrary code can be executed on the remote host through HyperTerminal. File: smb_nt_ms04-043.nasl - Type: ACT_GATHER_INFO |
2002-02-13 | Name: It is possible to obtain the host SID for the remote host. File: smb_host2sid.nasl - Type: ACT_GATHER_INFO |
2001-06-15 | Name: A bug in the remote operating system allows a local user to elevate privileges. File: smb_nt_ms01-008.nasl - Type: ACT_GATHER_INFO |
2001-02-15 | Name: A flaw in the remote PPTP implementation could allow an attacker to cause a d... File: smb_nt_ms01-009.nasl - Type: ACT_GATHER_INFO |
2000-05-09 | Name: It was possible to obtain the domain SID. File: smb_dom2sid.nasl - Type: ACT_GATHER_INFO |
2000-05-09 | Name: Nessus was able to enumerate domain users. File: smb_sid2user.nasl - Type: ACT_GATHER_INFO |
1999-07-28 | Name: The remote host is vulnerable to a denial of service attack. File: pimp.nasl - Type: ACT_KILL_HOST |