Saturday, November 19, 2005

uPnP Denial of Service Vulnerability in Windows 2000

Secunia offered a vulnerability announcement for Windows XP SP1 and Windows 2000. When a system running one of these operating systems requests a device list via RPC, the system is vulnerable to a potential Denial of Service attack.

The vulnerability announcement can be found here:
Microsoft's Security Advisory is here:

The original write-up announcing the vulnerability is here:
An addendum is here:

Exploit code is in the write-up with the addendum containing a correction.


Post a Comment

Links to this post:

Create a Link

<< Home