Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft UPnP DoS

Microsoft UPnP DoS

by Phiber on November 14th, 2001 A denial of service vulnerability exists in UPnP implementations that may allow for a remotely exploitable denial of service. When the UPnP service recieves invalid data, system performance degradation may occur on Windows 98, 98SE, ME and XP systems.


Vulnerable:

Microsoft Windows ME

Microsoft Windows 98se

Microsoft Windows 98

Microsoft Windows XP



- On XP systems, each request consumes a small amount of memory that is not freed. This is due to a memory leak error. It is possible to exhaust memory resources by repeatedly sending invalid UPnP data to the target XP system.


Solution:

  • Microsoft Windows ME
  • Microsoft Windows 98SE
  • Microsoft Windows 98

    - For XP systems, the fix is contained in the update titled "Windows XP Update Package, October 25, 2001".


    - Discovered by Ken ([email protected]).


  • Newsletter signup

    Signup to our monthly newsletter and stay in touch with IT news!

    Free E-books

    We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

    Contact

    Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

    Contact us »