NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-003
http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
http://www.securityfocus.com/bid/934
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ247869