MS02-018: Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS (319733) (intrusive check)

This script is Copyright (C) 2002-2017 Tenable Network Security, Inc.


Synopsis :

The remote service is prone to a denial of service attack.

Description :

By sending a long series of malformed data (such as 20200 NULL bytes)
to the remote Windows MSDTC service, it is possible for an attacker to
cause the associated MSDTC.EXE to use 100% of the available CPU and
exhaust kernel resources.

See also :

http://seclists.org/bugtraq/2002/Apr/290
http://technet.microsoft.com/en-us/security/bulletin/ms02-018

Solution :

Microsoft has reportedly included the fix in MS02-018.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 10939 ()

Bugtraq ID: 4006

CVE ID: CVE-2002-0224

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now