Reported June 08, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows Server 2003
  • Windows XP
  • Windows 2000
  • Windows 98

DESCRIPTION
A Denial of Service (DOS) vulnerability exists in the implementation of the IDirectPlay4 API of Microsoft DirectPlay. This vulnerability stems from of a lack of robust packet validation.

VENDOR RESPONSE
Microsoft has released bulletin MS04-016, "Vulnerability in DirectPlay Could Allow Denial of Service" (839643), to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by John Lampe, Tenable Network Security.