Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1561Microsoft Windows NT vulnerability

25 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
62.2%
top 1.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows NT
Timeline
PublishedApr 2
Latest updateApr 30

Description

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-vff3-5vfq-9m5f: The RPC component in Windows 2000, Windows NT 42022-04-30
CVEList
CVE-2002-1561: The RPC component in Windows 2000, Windows NT 42003-03-26

💥Exploits & PoCs

4
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (1)2002-10-22
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (2)2002-10-22
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3)2002-10-18
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (4)2002-10-18

🔍Detection Rules

18
Suricata
GPL NETBIOS SMB-DS IrotIsRunning little endian andx attempt2010-09-23
Suricata
GPL NETBIOS DCERPC IrotIsRunning attempt2010-09-23
Suricata
GPL NETBIOS SMB IrotIsRunning unicode attempt2010-09-23
Suricata
GPL NETBIOS DCERPC IrotIsRunning little endian attempt2010-09-23
Suricata
GPL NETBIOS SMB IrotIsRunning unicode andx attempt2010-09-23
CVE-2002-1561 — Microsoft Windows NT vulnerability | cvebase