cbcvebase.
CVE-2005-1184
published 2005-05-02

CVE-2005-1184: The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct…

PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
37.00%
98.3th percentile
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.

Affected

8 ranges
VendorProductVersion rangeFixed in
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_nt

Detection & IOCsextracted from sources · hover to see the quote

command./storm rl0 192.168.10.13 1 'dst port 80'
filenamestorm.c
  • The exploit uses libpcap in promiscuous mode to sniff an established TCP connection and then injects raw spoofed TCP packets; detect raw socket creation combined with promiscuous interface activity from unexpected processes.
  • ·Replicability of this vulnerability is disputed; some follow-up reports indicate the issue could not be reproduced.
  • ·The exploit requires an already-established TCP session to be observable (sniffed) by the attacker; it is not a blind attack — the attacker must be on-path or able to capture traffic to obtain valid sequence numbers.
  • ·The exploit tool uses a configurable packet injection count (StormCount) and a libpcap filter; a count of 0 means unlimited injections, making the DoS duration attacker-controlled.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.