Teardrop IP denial of service.

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

Land IP denial of service.

Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.

Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.

Denial of service through Winpopup using large user names.

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

Predictable TCP sequence numbers allow spoofing.