الوصف الكامل

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

نوع الثغرة

CWE-264 — Permissions Issue

CVSS Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

المراجع

الوصف الكامل

A Windows NT local user or administrator account has a guessable password.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

المراجع

الوصف الكامل

A Windows NT local user or administrator account has a default, null, blank, or missing password.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

المراجع

الوصف الكامل

The registry in Windows NT can be accessed remotely by users who are not administrators.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

المراجع

الوصف الكامل

A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

المراجع

الوصف الكامل

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

المراجع

الوصف الكامل

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

نوع الثغرة

NVD-CWE-Other — NVD-CWE-Other

CVSS Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

المراجع