CVE-1999-0376

Windows NT - Privilege Escalation via KnownDLLs List Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0376. PoCs published by L0pht.

AI-analyzed exploit summary The exploit describes a vulnerability in Windows NT's object namespace where KnownDlls mappings can be manipulated to redirect DLL calls. This is a technical explanation of the issue without providing functional exploit code.

Description

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

Exploits (1)

exploitdb WRITEUP VERIFIED

by L0pht · textlocalwindows

https://www.exploit-db.com/exploits/19198

View Code ZIP pw:eip

The exploit describes a vulnerability in Windows NT's object namespace where KnownDlls mappings can be manipulated to redirect DLL calls. This is a technical explanation of the issue without providing functional exploit code.

Classification

Writeup 80%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Windows NT

Auth required

Prerequisites: Local access to the system · Ability to manipulate the object namespace

MITRE ATT&CK

T1574.001 - DLL

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-006

Scores

EPSS 0.0244

EPSS Percentile 82.2%

Details

Status published

Products (2)

microsoft/windows_nt 3.5.1

microsoft/windows_nt 4.0 (5 CPE variants)

Published Feb 20, 1999

Tracked Since Feb 18, 2026