Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1712 — Microsoft Windows NT vulnerability

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

49.9%

top 2.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qqrj-v5vx-f7h4: Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the A↗2022-04-30

▶

CVEList

CVE-2002-1712: Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the A↗2005-06-21

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)↗2001-04-13

▶

Exploit-DB

Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)↗2001-04-13

▶