The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Isa_server | Microsoft | 2000 (including) | 2000 (including) |
| Isa_server | Microsoft | 2000-fp1 (including) | 2000-fp1 (including) |
| Isa_server | Microsoft | 2000-sp1 (including) | 2000-sp1 (including) |
| Proxy_server | Microsoft | 2.0 (including) | 2.0 (including) |
| Proxy_server | Microsoft | 2.0-sp1 (including) | 2.0-sp1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=104994487012027\u0026w=2
- http://www.idefense.com/advisory/04.09.03.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406
- http://marc.info/?l=bugtraq\u0026m=104994487012027\u0026w=2
- http://www.idefense.com/advisory/04.09.03.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406