Microsoft ≫ Windows Nt

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

Denial of service in Windows NT messenger service through a long username.

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Denial of service in various Windows systems via malformed, fragmented IGMP packets.