Microsoft网络会议漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106044 漏洞类型 未知
发布时间 2000-10-13 更新时间 2005-10-12
CVE编号 CVE-2000-0983 CNNVD-ID CNNVD-200012-093
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20289
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-093
|漏洞详情
带远程桌面共享启用的Microsoft网络会议存在漏洞。远程攻击者借助一系列到网络会议端口的空字节导致服务拒绝(CPU利用),也称为“网络桌面共享”漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/1798/info

The Remote Desktop Sharing component of Microsoft NetMeeting for Windows NT 4.0 / 2000 does not properly handle a particular type of malformed input string sent over port 1720. CPU utilization can be caused to spike to 100% and any existing NetMeeting sessions would fail in the event of an attack. Restarting the application would be required in order to regain normal functionality.

NetMeeting, including the affected component Remote Desktop Sharing, is shipped with Microsoft 2000 but is not enabled by default. NetMeeting can be downloaded as an add-on for NT 4.0.

*A new variant of this vulnerability has been discovered, the result of the new variant is the same as the originally discovered issue. No further technical details have been made available. User's are encouraged to install the latest patch.

nc target 1720 < /dev/zero
|参考资料

来源:XF
名称:netmeeting-desktop-sharing-dos
链接:http://xforce.iss.net/static/5368.php
来源:BID
名称:1798
链接:http://www.securityfocus.com/bid/1798
来源:MSKB
名称:Q273854
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q273854
来源:BUGTRAQ
名称:20001018DenialofServiceattackagainstcomputersrunningMicrosoftNetMeeting
链接:http://www.securityfocus.com/archive/1/140341
来源:MS
名称:MS00-077
链接:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp