This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Windows NT
Version: 4.0
Update: sp5
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: OS
First view: 1997-07-10
Last view: 2006-05-09
 
CPE Product cpe:2.3:o:microsoft:windows_nt

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5 2006-05-09 CVE-2006-1184

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.

7.5 2006-05-09 CVE-2006-0034

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.

9.3 2006-01-10 CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

10 2005-01-10 CVE-2004-0900

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."

5 2005-01-10 CVE-2004-0899

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."

10 2005-01-10 CVE-2004-0568

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

5 2001-08-31 CVE-2000-1200

Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

2.1 2001-08-03 CVE-2001-1122

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

5 2001-07-07 CVE-2001-1244

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

5 2001-03-12 CVE-2001-0017

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.

7.2 2001-03-12 CVE-2001-0016

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

3.6 2000-02-01 CVE-2000-0121

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

7.2 2000-01-12 CVE-2000-0070

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

7.5 1999-12-31 CVE-1999-1455

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

2.1 1999-12-31 CVE-1999-1362

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

4.6 1999-12-31 CVE-1999-1317

Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

5 1999-12-31 CVE-1999-1157

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

5 1999-12-31 CVE-1999-0815

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

4.6 1999-11-30 CVE-1999-0824

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

7.2 1999-11-04 CVE-1999-0899

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

7.2 1999-11-04 CVE-1999-0898

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

7.5 1999-09-20 CVE-1999-0909

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

9 1999-09-17 CVE-1999-0886

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

5 1999-08-24 CVE-2000-0328

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

5 1999-07-23 CVE-1999-0224

Denial of service in Windows NT messenger service through a long username.

CWE : Common Weakness Enumeration

% id Name
33% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
22% (2) CWE-264 Permissions, Privileges, and Access Controls
22% (2) CWE-20 Improper Input Validation
11% (1) CWE-255 Credentials Management
11% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
59513 Microsoft Windows NT winnt/system32 Write Access Local DoS (NT4ALL)
59260 Microsoft Windows NT SNMP Agent Query Saturation Remote DoS
25336 Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Req...
25335 Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServ...
18829 Microsoft Windows Open Type (EOT) Font Handling Remote Overflow
12377 Microsoft Windows NT DHCP Message Length Remote Overflow
12374 Microsoft Windows HyperTerminal Session File Remote Overflow
12371 Microsoft Windows NT Malformed DHCP Packet Remote Overflow DoS
11474 Microsoft Windows NT CSRSS Thread Exhaustion DoS
11473 Microsoft Windows NT Messenger Service Long Username DoS
11409 Windows NT RRAS/RAS Client Persistent Password Caching
11156 Microsoft Windows NT tcpip.sys Malformed ICMP Request DoS
11068 Windows NT Win32k.sys Incorrect Parameter Local DoS
10616 Microsoft Windows NT Fragmented IP Packet Firewall Restriction Bypass
10385 Multiple TCP Implementation Mismatched MSS DoS
8334 Microsoft Windows NT \?? Object Folder Symlink Privilege Escalation
7576 Microsoft Windows NT RSHSVC .Rhosts Unauthorized Access
1214 Microsoft Windows NT Recycle Bin Deleted File Access
1199 NT NtImpersonateClientOfPort LPC Privilege Escalation
1147 NT Subst.exe Arbitrary Folder Modification
1135 Microsoft Windows NT Print Spooler Alternate Print Provider Arbitrary Command...
1134 Microsoft Windows NT Print Spooler Malformed Request Overflow
1076 Microsoft Windows IP Source Routing
1075 Microsoft Windows NT RASMAN Path Subversion Privilege Escalation
1059 NT Predictable TCP Sequence Number

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContext little endian object call heap overflow ...
RuleID : 6466 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContext object call heap overflow attempt
RuleID : 6465 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT msdtc BuildContext little endian object call heap overflow attempt
RuleID : 6464 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT msdtc BuildContext object call heap overflow attempt
RuleID : 6463 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContext little endian heap overflow attempt
RuleID : 6462 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContext heap overflow attempt
RuleID : 6461 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow attempt
RuleID : 6460 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT v4 msdtc BuildContext little endian heap overflow attempt
RuleID : 6459 - Type : NETBIOS - Revision : 6
2014-01-10 DCERPC DIRECT-UDP v4 msdtc BuildContext little endian heap overflow attempt
RuleID : 6458 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT msdtc BuildContext little endian heap overflow attempt
RuleID : 6457 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt
RuleID : 6456 - Type : OS-WINDOWS - Revision : 12
2014-01-10 DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt
RuleID : 6455 - Type : OS-WINDOWS - Revision : 12
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContextW object call heap overflow attempt
RuleID : 6454 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT msdtc BuildContextW little endian object call heap overflow att...
RuleID : 6453 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContextW little endian object call heap overflow...
RuleID : 6452 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT msdtc BuildContextW object call heap overflow attempt
RuleID : 6451 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow attempt
RuleID : 6450 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContextW heap overflow attempt
RuleID : 6449 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt
RuleID : 6448 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC DIRECT v4 msdtc BuildContextW heap overflow attempt
RuleID : 6447 - Type : NETBIOS - Revision : 5
2014-01-10 DCERPC DIRECT v4 msdtc BuildContextW little endian heap overflow attempt
RuleID : 6446 - Type : NETBIOS - Revision : 6
2014-01-10 DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian heap overflow attempt
RuleID : 6445 - Type : NETBIOS - Revision : 8
2014-01-10 DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt
RuleID : 6444 - Type : OS-WINDOWS - Revision : 13
2014-01-10 DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt
RuleID : 6443 - Type : OS-WINDOWS - Revision : 14
2014-01-10 DCERPC DIRECT-UDP msdtc BuildContextW object call invalid second uuid size at...
RuleID : 6442 - Type : NETBIOS - Revision : 8

Nessus® Vulnerability Scanner

Date Description
2011-09-15 Name: It is possible to obtain the host SID for the remote host, without credentials.
File: smb_host2sid_null_session.nasl - Type: ACT_GATHER_INFO
2011-09-15 Name: Nessus was able to enumerate local users, without credentials.
File: smb_sid2localuser_null_session.nasl - Type: ACT_GATHER_INFO
2006-05-10 Name: A vulnerability in MSDTC could allow remote code execution.
File: smb_kb913580.nasl - Type: ACT_GATHER_INFO
2006-05-09 Name: It is possible to crash the remote MSDTC service.
File: smb_nt_ms06-018.nasl - Type: ACT_GATHER_INFO
2006-01-10 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms06-002.nasl - Type: ACT_GATHER_INFO
2006-01-03 Name: Arbitrary code can be executed on the remote host through the DHCP service.
File: smb_kb885249.nasl - Type: ACT_GATHER_INFO
2004-12-14 Name: Arbitrary code can be executed on the remote host via the DHCP service.
File: smb_nt_ms04-042.nasl - Type: ACT_GATHER_INFO
2004-12-14 Name: Arbitrary code can be executed on the remote host through HyperTerminal.
File: smb_nt_ms04-043.nasl - Type: ACT_GATHER_INFO
2002-02-13 Name: It is possible to obtain the host SID for the remote host.
File: smb_host2sid.nasl - Type: ACT_GATHER_INFO
2001-06-15 Name: A bug in the remote operating system allows a local user to elevate privileges.
File: smb_nt_ms01-008.nasl - Type: ACT_GATHER_INFO
2001-02-15 Name: A flaw in the remote PPTP implementation could allow an attacker to cause a d...
File: smb_nt_ms01-009.nasl - Type: ACT_GATHER_INFO
2000-05-09 Name: It was possible to obtain the domain SID.
File: smb_dom2sid.nasl - Type: ACT_GATHER_INFO
2000-05-09 Name: Nessus was able to enumerate domain users.
File: smb_sid2user.nasl - Type: ACT_GATHER_INFO
1999-07-28 Name: The remote host is vulnerable to a denial of service attack.
File: pimp.nasl - Type: ACT_KILL_HOST