Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Nt Subscriptions
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-2028 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2024-09-17 N/A
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVE-2002-2413 2 Deerfield, Microsoft 3 Website Pro, Windows 9x, Windows Nt 2024-09-16 N/A
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
CVE-2000-1227 1 Microsoft 2 Windows 2000, Windows Nt 2024-09-16 N/A
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
CVE-2005-4717 1 Microsoft 6 Ie, Internet Explorer, Windows 2000 and 3 more 2024-09-16 N/A
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
CVE-2002-2401 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2024-09-16 N/A
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
CVE-2000-1218 1 Microsoft 5 Windows 2000, Windows 98, Windows 98se and 2 more 2024-08-08 9.8 Critical
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
CVE-2000-1149 1 Microsoft 1 Windows Nt 2024-08-08 N/A
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
CVE-2000-1200 1 Microsoft 1 Windows Nt 2024-08-08 N/A
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
CVE-2000-1089 1 Microsoft 2 Windows 2000, Windows Nt 2024-08-08 N/A
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
CVE-2000-1079 1 Microsoft 4 Windows 2000, Windows 95, Windows 98 and 1 more 2024-08-08 N/A
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
CVE-2000-1039 1 Microsoft 5 Windows 95, Windows 98, Windows 98se and 2 more 2024-08-08 N/A
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
CVE-2000-0858 1 Microsoft 2 Internet Information Server, Windows Nt 2024-08-08 N/A
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
CVE-2000-0885 1 Microsoft 3 Systems Management Server, Windows 2000, Windows Nt 2024-08-08 N/A
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
CVE-2000-0673 1 Microsoft 2 Windows 2000, Windows Nt 2024-08-08 N/A
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
CVE-2000-0663 1 Microsoft 2 Windows 2000, Windows Nt 2024-08-08 N/A
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
CVE-2000-0544 1 Microsoft 2 Windows 2000, Windows Nt 2024-08-08 N/A
Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
CVE-2000-0404 1 Microsoft 5 Terminal Server, Windows 2000, Windows 95 and 2 more 2024-08-08 N/A
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
CVE-2000-0403 1 Microsoft 1 Windows Nt 2024-08-08 N/A
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
CVE-2000-0377 1 Microsoft 1 Windows Nt 2024-08-08 N/A
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
CVE-2000-0331 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2024-08-08 N/A
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.