Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Published 2002-10-28 05:00:00
Updated 2019-04-30 14:27:14
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2002-1214

Probability of exploitation activity in the next 30 days: 96.77%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2002-1214

  • MS02-063 PPTP Malformed Control Data Kernel Denial of Service
    Disclosure Date: 2002-09-26
    First seen: 2020-04-26
    auxiliary/dos/pptp/ms02_063_pptp_dos
    This module exploits a kernel based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten resulting in a BSOD. Code execution may be possible however

CVSS scores for CVE-2002-1214

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

References for CVE-2002-1214

Products affected by CVE-2002-1214

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!