CVE-1999-0224

Windows NT - Denial of Service via Long Username

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0224. PoCs published by Fyodor.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Windows NT (and possibly Windows 95) by sending an excessively long username in a Winpopup message via SMB. The attack is executed using the 'smbclient' tool from UNIX systems.

Description

Denial of service in Windows NT messenger service through a long username.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Fyodor · textdoswindows

https://www.exploit-db.com/exploits/329

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Windows NT (and possibly Windows 95) by sending an excessively long username in a Winpopup message via SMB. The attack is executed using the 'smbclient' tool from UNIX systems.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Windows NT, possibly Windows 95

No auth needed

Prerequisites: Access to a UNIX system with 'smbclient' installed · Network connectivity to the target Windows system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://www.cve.org/CVERecord?id=CVE-1999-0224

Scores

EPSS 0.1679

EPSS Percentile 96.7%

Details

Status published

Products (1)

microsoft/windows_nt 4.0 (6 CPE variants)

Published Jul 23, 1999

Tracked Since Feb 18, 2026