Microsoft : Security Vulnerabilities, CVEs, (Denial of service)

Teardrop IP denial of service.

Land IP denial of service.

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

Denial of service in RAS/PPTP on NT systems.

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Denial of service in Windows NT messenger service through a long username.

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.

Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

Denial of service in Windows NT IIS server using ..\..

Bonk variation of teardrop IP fragmentation denial of service.

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Denial of service in IIS using long URLs.

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Denial of service through Winpopup using large user names.

All records in a WINS database can be deleted through SNMP for a denial of service.

Buffer overflow in NetMeeting allows denial of service and remote command execution.

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.