| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. |
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| A Windows NT administrator account has the default name of Administrator. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. |
| Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. |
| Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. |
| Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
