Reported October 30, 2002, by Microsoft.



  • Microsoft Windows XP

  •  Microsoft Windows 2000




A Denial of Service (DoS) vulnerability exists in Windows XP and Windows 2000 PPTP. This DoS vulnerability is a result of an unchecked buffer in a section of code that processes the control data used to establish, maintain, and tear down PPTP connections. By delivering specially malformed PPTP control data to a vulnerable system, an attacker can corrupt kernel memory and cause the system to fail.




The vendor, Microsoft, has released Security Bulletin MS02-063 (Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.


Discovered by Microsoft.