Reported September 19, 2000 by Vigilante

VERSIONS AFFECTED
  • WinCOM LPD V1.00.90 (Windows NT Version)

DESCRIPTION

A malicious attacker could cause all available memory on a Windows NT host to be consumed if that Windows NT host is running WinCOM LPD V1.00.90.

DEMONSTRATION

By sending a constant stream of LPD options to TCP port 515, which is the default port that WinCOM LPD listens on, an attacker can cause all available memory resources to be consumed.

VENDOR RESPONSE

According to Vigilante, the vendor was contacted and has committed to fixing this issue in their next release of WinCOM LPD.

CREDIT
Discovered by
Vigilante