Saturday, November 19, 2005

uPnP Denial of Service Vulnerability in Windows 2000

Secunia offered a vulnerability announcement for Windows XP SP1 and Windows 2000. When a system running one of these operating systems requests a device list via RPC, the system is vulnerable to a potential Denial of Service attack.

The vulnerability announcement can be found here: http://secunia.com/advisories/17595/
Microsoft's Security Advisory is here: http://www.microsoft.com/technet/security/advisory/911052.mspx

The original write-up announcing the vulnerability is here: http://seclists.org/lists/vuln-dev/2005/Nov/0008.html
An addendum is here: http://seclists.org/lists/vuln-dev/2005/Nov/0007.html

Exploit code is in the write-up with the addendum containing a correction.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home