CVE-1999-0153

Windows 95/NT - Denial of Service via NETBIOS OOB Data

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-1999-0153. PoCs published by _eci, maddog & lerper.

AI-analyzed exploit summary This exploit sends an out-of-band (OOB) TCP packet to port 139 (NetBIOS) on vulnerable Windows systems, causing a denial of service (blue screen of death) due to improper handling of the URGENT pointer in the TCP header.

Description

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Exploits (4)

exploitdb WORKING POC VERIFIED
by _eci · cdoswindows
https://www.exploit-db.com/exploits/20437

This exploit sends an out-of-band (OOB) TCP packet to port 139 (NetBIOS) on vulnerable Windows systems, causing a denial of service (blue screen of death) due to improper handling of the URGENT pointer in the TCP header.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows 95, Windows for Workgroups 3.11, Windows NT up to 4.0, SCO Open Server 5.0
No auth needed
Prerequisites: Network access to the target's port 139 (NetBIOS)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by maddog & lerper · textdoswindows
https://www.exploit-db.com/exploits/20440

This exploit leverages a vulnerability in older Microsoft Windows and SCO Open Server systems by sending malformed TCP/IP 'Out of Band' data to port 139, causing a blue screen of death (DoS). The script is designed for IRC (BitchX) to automate attacks against specific users, ops, or entire channels.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows (95, NT up to 4.0), SCO Open Server 5.0
No auth needed
Prerequisites: Compiled 'winnuke.c' binary · Access to target's IP or domain via IRC · Target running vulnerable OS
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by _eci · perldoswindows
https://www.exploit-db.com/exploits/20439

This exploit targets a vulnerability in older Microsoft Windows and SCO Open Server systems by sending TCP/IP 'Out of Band' data with an URGENT POINTER set to the end of the frame, causing a blue screen of death (DoS). The script connects to port 139 (NetBIOS) and sends a small payload with the MSG_OOB flag.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows (95, Windows for Workgroups 3.11, Windows NT up to 4.0), SCO Open Server 5.0
No auth needed
Prerequisites: Network access to the target system · Target system running vulnerable OS version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by _eci · perldoswindows
https://www.exploit-db.com/exploits/20438

This exploit leverages a vulnerability in older Microsoft Windows and SCO Open Server systems by sending TCP/IP 'Out of Band' data with an URGENT POINTER set to the end of the frame, causing a blue screen of death (DoS). The PoC uses Perl to send a crafted packet to port 139 (NetBIOS).

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows (95, Windows for Workgroups 3.11, Windows NT up to 4.0), SCO Open Server 5.0
No auth needed
Prerequisites: Network access to target · Target system running vulnerable OS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1666

Scores

EPSS 0.2278
EPSS Percentile 97.4%

Details

Status published
Products (4)
microsoft/windows_2000
microsoft/windows_95
microsoft/windows_nt
sco/openserver 5.0
Published Jul 01, 1997
Tracked Since Feb 18, 2026