Reported October 30, 2002, by Microsoft.

 

VERSIONS AFFECTED

  • Microsoft Windows XP

  •  Microsoft Windows 2000

 

DESCRIPTION

 

A Denial of Service (DoS) vulnerability exists in Windows XP and Windows 2000 PPTP. This DoS vulnerability is a result of an unchecked buffer in a section of code that processes the control data used to establish, maintain, and tear down PPTP connections. By delivering specially malformed PPTP control data to a vulnerable system, an attacker can corrupt kernel memory and cause the system to fail.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-063 (Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT
Discovered by Microsoft.