Back
CVE-1999-1127
HIGH
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
Published: Dec 31, 1999
Modified: Apr 16, 2026
CWE-772
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_nt | 4.0 |
| microsoft | windows_nt | 4.0 |
| microsoft | windows_nt | 4.0 |
| microsoft | windows_nt | 4.0 |
GitHub Security Advisory GHSA-fjjp-8g8w-55f2
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows...
References (6)
- http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Broken Link, Patch, Vendor Advisory
- http://www.iss.net/security_center/static/523.php Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017 Patch, Vendor Advisory
- http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Broken Link, Patch, Vendor Advisory
- http://www.iss.net/security_center/static/523.php Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017 Patch, Vendor Advisory
Risk Scores
CVSS Score
7.5 / 10
EPSS Score
30.03%
Top 3% most likely to be exploited
Threat Score
39 / 100
Data Sources
NVD
EPSS
GitHub