Microsoft Windows
A non-administrative user can listen on all available UDP ports of the system. This will reduce the DNS requests’ nonce to 16-bit only, making it feasible to conduct a DNS poisoning attack. Since MS Windows maintains a DNS cache, attacking a single host is not feasible (unless the TTL is very low), however this vulnerability can be used on its own to attack a range of domains, including non-existent ones.