Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Denial of service in RAS/PPTP on NT systems.

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.