Summary
Hotfix to fix Unchecked Buffer in PPTP Implementation (Q329834) is not installed.
A security vulnerability results in the Windows 2000 and Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain and tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory and cause the system to fail, disrupting any work in progress on the system.
Impact of vulnerability: Denial of service
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-063.mspx
Severity
Classification
-
CVE CVE-2002-1214 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)
- Cumulative Security Update for Internet Explorer (928090)
- Microsoft DirectAccess Security Advisory (2862152)
- Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)