A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.

Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.

Bonk variation of teardrop IP fragmentation denial of service.

Buffer overflow in War FTP allows remote execution of commands.

Land IP denial of service.

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

A NETBIOS/SMB share password is guessable.

A NETBIOS/SMB share password is the default, null, or missing.