Summary
Hotfix to fix Unchecked Buffer in PPTP Implementation (Q329834) is not installed.
A security vulnerability results in the Windows 2000 and Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain and tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory and cause the system to fail, disrupting any work in progress on the system.
Impact of vulnerability: Denial of service
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-063.mspx
Severity
Classification
-
CVE CVE-2002-1214 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Buffer Overrun in Messenger Service (828035)
- Cumulative Patch for Internet Information Services (Q327696)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)