CVE-1999-0918
published 1999-07-03CVE-1999-0918: Denial of service in various Windows systems via malformed, fragmented IGMP packets.
PriorityP432high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
30.47%
98.0th percentile
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)
exploitdb·1999-07-03
CVE-1999-0918 Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)
---
// source: https://www.securityfocus.com/bid/514/info
The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.
/***
Kox by Coolio ([email protected])
this was a successful attempt to duplicate klepto/defile's kod win98
exploit and add spoofing support to it. me and defile made this a
race to see who could do spoofing kod first. he won. (mine's better!)
my kox and defile's skod output about the same packets
but he had skod working a few hours before i had kox working.
affec
Exploit-DB
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)
exploitdb·1999-07-03
CVE-1999-0918 Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)
---
// source: https://www.securityfocus.com/bid/514/info
The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.
/*
::: kod.c (kiss of death) version 1.2
::: [author] kod.c bug found by klepto /
[email protected] / rewritten by ignitor / ignitor@EFnet
::: [stuph ] works on bsd/linux/*nix
::: [notes ] bluescreens windows users(98/98se) and kills
tcp stack
::: [m$ bug] windows handles igmp badly and this is the
result
::: [greets]
amputee/nizda/nyt/ignitor/skyline/codelogic/i
Exploit-DB
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)
exploitdb·1999-04-06
CVE-1999-0918 Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)
Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)
---
// source: https://www.securityfocus.com/bid/514/info
The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.
/*
** pimp.c 6/4/99 by Rob Mosher: [email protected]
** exploits bug in m$'s ip stack
** rewrite by nyt@EFnet
** bug found by klepto
** usage: pimp
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
struct igmp
{
unsigned char igmp_type;
unsigned char igmp_code;
unsigned short igmp_cksum;
struct in_addr igmp_group;
};
#define ERROR
No writeups or analysis indexed.
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238329http://www.securityfocus.com/bid/514https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-034http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238329http://www.securityfocus.com/bid/514https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-034
1999-07-03
Published