CPE Details
Microsoft Windows NT 3.5.1 SP5
3.5.1
2007-08-23
19h16 +00:00
19h16 +00:00
2008-04-07
12h30 +00:00
12h30 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:o:microsoft:windows_nt:3.5.1:sp5:*:*:*:*:*:*
Informations
Vendor
microsoftProduct
windows_ntVersion
3.5.1Update
sp5Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | 4.3 |
|||
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | 9.3 |
|||
| Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | 9.3 |
|||
| Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | 6.8 |
|||
| Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | 9.3 |
|||
| Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | 6.4 |
|||
| Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | 4.3 |
|||
| Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue | 7.8 |
|||
| Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | 5 |
|||
| WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | 5 |
|||
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | 5 |
|||
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | 2.1 |
|||
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | 10 |
|||
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. | 7.1 |
|||
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | 6.8 |
|||
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | 6.5 |
|||
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. | 5 |
|||
| Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. | 6.5 |
Moyen |
||
| Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | 10 |
|||
| Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | 9.3 |
|||
| Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | 5.1 |
|||
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | 4.6 |
|||
| Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. | 7.2 |
|||
| Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. | 2.1 |
|||
| In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | 10 |
|||
| Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. | 5 |
|||
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | 4.6 |
|||
| When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. | 7.5 |
|||
| Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. | 2.1 |
|||
| RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | 7.5 |
|||
| Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | 5 |
|||
| Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables. | 5 |
|||
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. | 6.4 |
|||
| Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. | 5 |
|||
| NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. | 7.2 |
|||
| Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. | 5 |
|||
| Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | 7.2 |
|||
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | 10 |
|||
| Teardrop IP denial of service. | 5 |
|||
| Denial of service in RAS/PPTP on NT systems. | 5 |
|||
| Windows NT RSHSVC program allows remote users to execute arbitrary commands. | 7.2 |
|||
| Bonk variation of teardrop IP fragmentation denial of service. | 5 |
|||
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. | 10 |
|||
| Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. | 5 |
|||
| NETBIOS share information may be published through SNMP registry keys in NT. | 7.5 |
|||
| A Windows NT local user or administrator account has a guessable password. | 7.2 |
|||
| A Windows NT local user or administrator account has a default, null, blank, or missing password. | 7.5 |
|||
| A Windows NT domain user or administrator account has a guessable password. | 7.2 |
|||
| A Windows NT domain user or administrator account has a default, null, blank, or missing password. | 7.2 |
|||
| IP forwarding is enabled on a machine which is not a router or firewall. | 7.5 |
|||
| A NETBIOS/SMB share password is the default, null, or missing. | 7.5 |
|||
| A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. | 4.6 |
|||
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. | 10 |
|||
| The Windows NT guest account is enabled. | 4.6 |
|||
| Windows NT automatically logs in an administrator upon rebooting. | 7.2 |
|||
| A system-critical Windows NT file or directory has inappropriate permissions. | 10 |
|||
| The registry in Windows NT can be accessed remotely by users who are not administrators. | 7.5 |
|||
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | 10 |
|||
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. | 9.3 |
|||
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. | 7.5 |
|||
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. | 7.5 |
|||
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | 10 |
|||
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | 4.6 |
|||
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | 10 |
|||
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. | 10 |
|||
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | 5 |
|||
| A Windows NT administrator account has the default name of Administrator. | 2.1 |
|||
| A system does not present an appropriate legal message or warning to a user who is accessing it. | 10 |
|||
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | 4.9 |
|||
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. | 2.1 |
|||
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. | 5 |
|||
| Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. | 6.2 |
|||
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. | 4.6 |
|||
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | 4.6 |
|||
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | 2.6 |
|||
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. | 7.8 |
|||
| The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. | 7.1 |
|||
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. | 7.8 |
|||
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. | 5 |
|||
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | 10 |
|||
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. | 6.4 |
|||
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | 5 |
|||
| Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. | 5 |
|||
| Buffer overflow in War FTP allows remote execution of commands. | 7.5 |
|||
| NT users can gain debug-level access on a system process using the Sechole exploit. | 7.2 |
|||
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | 2.1 |
|||
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | 4.6 |
|||
| The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. | 7.2 |
|||
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | 4.6 |
|||
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | 7.5 |
|||
| A version of finger is running that exposes valid user information to any entity on the network. |
2025©
tesweb SA
