MS05-045: Network connection Manager DoS

Published: 2005-10-11
Last Updated: 2005-10-11 20:11:21 UTC
by Joshua Wright (Version: 2)
0 comment(s)
KB: 905414

CVE: CAN-2005-2307

The Network Connection Manager is used to manage different network connections (e.g. LAN, Dialup ...). A special crafted packet send to a connection can cause the Netowrk Connection Manager to die. However, it will restart once a new request is received.

Not much of a vulnerability. Requires an already authenticated (=connected) user and impact appears to be minimal. The latest versions of Windows are not vulnerable (XP-SP2, Win2k3 SP1). However, older and still popular versions are (like XP-SP1, Win2k3 pre-SP1, Win2k).

Firewall best practices can be used to mitigate the issue.

0 comment(s)


Diary Archives