Microsoft » Windows Nt : Security Vulnerabilities, CVEs, Published In 1999 (Denial of service) CVSS score >= 6

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.