Signature Detail

APP: Microsoft PPTP DoS

This signature detects attempts to exploit a known vulnerability against Microsoft Point to Point Tunneling Protocol (PPTP). All versions of Microsoft Windows with PPTP server or PPTP client enabled are vulnerable. Attackers can crash the target kernel or execute arbitrary code.

Extended Description

A buffer overflow vulnerability has been reported for Microsoft's PPTP (Point to Point Tunneling Protocol) implementation. The vulnerability reportedly exists in both the PPTP server and client applications. It is possible for a malicious attacker to craft a packet which causes memory to be corrupted with attacker-supplied data and send it to the PPTP process. This may result in the execution of attacker-supplied malicious code.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Terminal Services SP1
• Microsoft Windows 2000 Terminal Services SP2
• Microsoft Windows 2000 Terminal Services SP3
• Microsoft Windows 2000 Terminal Services
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional

References

• BugTraq: 5807
• CVE: CVE-2002-1214
• URL: http://www.microsoft.com/technet/security/Bulletin/MS02-063.mspx