The NT Security page features useful pointers to background material on these and other potential NT vulnerabilities. Microsoft's authoritative response to its ongoing security problems can be found on this issues page.
| Bug | Exploit by | Date | TBTF | MSIE? | W-95? | W-NT? | Damage | Attacks via | Fix |
|---|---|---|---|---|---|---|---|---|---|
| #0 | (anonymous) | 1/21 | 1/29 | -- | no | yes | Can consume all available CPU cycles from across the Net | telnet to port 135 | |
| #1 | Paul Greene | 2/27 | 3/9 | 3.0, 3.01 | yes | 4.0 | Can run arbitrary program on your PC | .url or .lnk file | |
| #2 | David Ross | 3/4 | 3/9 | 3.0, 3.01, 3.01a | no | 4.0 w/ SP 1 or 2 | Can run program if you double-click, w/no firewall | CIFS | |
| #3 | Chris Rioux | 3/7 | 3/9 | 3.01 | yes | no | Can run arbitrary program on your PC | .isp file | |
| #4 | Aaron Spangler | 3/14 | 3/21 | any, or NN | no | yes | Obtains username, hashed password | SMB | |
| #5 | Paul Ashton | 3/17 | 3/21 | any | no | yes | Obtains username, hashed password, more | NTLM | |
| #6 | Steve Birnbaum | 3/15 | 3/21 | any | no | yes | Obtains plaintext password | SMB | |
| #7 (not a bug) | Tea Vui Huang | 3/14 | 4/4 | any | no | yes | Can disable IE security if you agree | .reg file | -- |
| #8 (not a bug) | Jeremy Allison, Jonathan Wilkins | 3/31 | 4/4 | -- | no | yes | Can be used to obtain plaintext passwords if security policy is lax | SAM (PWdump, NTcrack) | -- |
| #8a | Dan Gordon | 4/18 | 4/21 | -- | yes | yes | Can reveal user names and passwords in plain text from ODBC log | ODBC Trace in Office 97 | |
| #9 | Andrew Smith | 5/7 | 5/08 | 3 | yes | yes | Can run arbitrary program on your PC | PowerPoint presentation | |
| #10 | "_eci" | 5/7 | 5/22 | -- | yes | yes | Can crash or freeze any Windows PC from across the Net | TCP/IP OOB data to port 139 | sp3; sp2 3.51 95 |
| #11 | Todd Fast | 6/18 | 6/23 | -- | -- | yes | Can crash IIS from across the Net | Request a specific, non-deterministic URL | intel; alpha |
| #12 | Ben Mesander | 8/7 | 8/11 | IE3 (also affects Netscape Navigator & HotJava; Macintosh immune) | | | Can make network connection to arbitrary IP address | Java VM bug | W3.1 / NT3.51 US; W3.1 / NT3.51 export W95 / NT4 |
| #13 | Tim Macinta | 9/8 | 9/15 | IE3 (Macintosh, Win 3.1 immune) | | | Can overwrite files on disk | MS extensions to Java | W95 / NT4 |
| #14 | Ralf Hueskes | 10/16 | 11/17 | IE4 (Macintosh immune) | | | Can steal known files from disk | Dynamic HTML, Active Scripting | intel |
| #15 | | 11/10 | 11/10 | IE4 (Windows) | | | Can execute arbitrary code locally | res:// scheme | fix |
Copyright © 1994-2000 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.
Most recently updated 11/12/97