cbcvebase.
CVE-2005-0048
published 2005-05-02

CVE-2005-0048: Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and…

PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
45.52%
98.6th percentile
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

Detection & IOCsextracted from sources · hover to see the quote

bytes
IP options field: option byte + size byte 0x27 (39) + 38 bytes payload
  • Look for IPv4 TCP SYN packets with a 60-byte IP header (ip_hl=15, indicating maximum IP options of 40 bytes) sent to arbitrary destination ports — characteristic of the PoC exploit traffic pattern.
  • The exploit sends the malformed packet 5 times in rapid succession to the target; repeated identical malformed-options packets from the same source may indicate exploitation attempts.
  • ·The immediate observable consequence of exploitation is a denial of service (crash), though remote code execution has been reported as a potential outcome.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.