Microsoft Windows NT 3.51 Office Shortcut Bar privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Microsoft Windows NT 3.51. This impacts an unknown function of the component Office Shortcut Bar. The manipulation results in privileges management. This vulnerability is identified as CVE-1999-1294. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Microsoft Windows NT 3.51 (Operating System). Affected is an unknown functionality of the component Office Shortcut Bar. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality. CVE summarizes:
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
The weakness was released 12/31/1999 as confirmed knowledge base article (Website). The advisory is shared for download at support.microsoft.com. This vulnerability is traded as CVE-1999-1294. The exploitability is told to be easy. The attack needs to be approached locally. The successful exploitation needs a authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
Upgrading to version NT 4.0 or 2000 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (562). Entry connected to this vulnerability is available at VDB-15160. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Windows NT 4.0/2000
Timeline
12/31/1999 🔍12/31/1999 🔍
06/22/2014 🔍
04/20/2026 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: support.microsoft.com
Status: Confirmed
CVE: CVE-1999-1294 (🔍)
GCVE (CVE): GCVE-0-1999-1294
GCVE (VulDB): GCVE-100-15156
X-Force: 562 - Microsoft Office file manager allows users to see files without access
See also: 🔍
Entry
Created: 06/22/2014 17:03Updated: 04/20/2026 05:45
Changes: 06/22/2014 17:03 (42), 04/07/2017 16:03 (12), 04/20/2026 05:45 (15)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.