CVE-2005-1218 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows XP * Microsoft Windows 2003 Server Web Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server Enterprise_64-Bit Microsoft Windows 2003 Server Standard_64-Bit Microsoft Windows 2003 Server Datacenter_64-Bit Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2000 *	24

Exploit-Db

description	MS Windows XP SP2 (rdpwd.sys) Remote Kernel DoS Exploit. CVE-2005-1218,CVE-2005-2303. Dos exploit for windows platform
id	EDB-ID:1143
last seen	2016-01-31
modified	2005-08-09
published	2005-08-09
reporter	Tom Ferris
source	https://www.exploit-db.com/download/1143/
title	Microsoft Windows XP SP2 rdpwd.sys Remote Kernel DoS Exploit

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS05-041.NASL
description	The remote host contains a version of the Remote Desktop protocol/service that is vulnerable to a security flaw that could allow an attacker to crash the remote service and cause the system to stop responding.
last seen	2020-06-01
modified	2020-06-02
plugin id	19404
published	2005-08-09
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19404
title	MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
code	# # Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19404); script_version("1.34"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2005-1218"); script_bugtraq_id(14259); script_xref(name:"MSFT", value:"MS05-041"); script_xref(name:"CERT", value:"490628"); script_xref(name:"EDB-ID", value:"1143"); script_xref(name:"MSKB", value:"899591"); script_name(english:"MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)"); script_summary(english:"Determines the presence of update 899591"); script_set_attribute(attribute:"synopsis", value:"It is possible to crash the remote desktop service."); script_set_attribute(attribute:"description", value: "The remote host contains a version of the Remote Desktop protocol/service that is vulnerable to a security flaw that could allow an attacker to crash the remote service and cause the system to stop responding."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-041"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS05-041'; kb = '899591'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_sp_range(win2k:'4')) { if (hotfix_check_nt_server() <= 0) exit(0, "The Windows host is not an NT Server."); exit(0); } rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Rdpwd.sys", version:"5.2.3790.348", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:1, file:"Rdpwd.sys", version:"5.2.3790.2465", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Rdpwd.sys", version:"5.1.2600.1698", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Rdpwd.sys", version:"5.1.2600.2695", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", sp:4, file:"Rdpwd.sys", version:"5.0.2195.7055", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2011-05-16T04:00:05.190-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:100092

status

accepted

submitted

2005-08-16T12:00:00.000-04:00

title

Windows XP,SP1 (64-bit) RDP DoS Vulnerability

version

39

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:180

status

accepted

submitted

2006-09-22T05:40:00.000-04:00

title

Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability

version

43

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:346

status

accepted

submitted

2006-09-22T05:40:00.000-04:00

title

Windows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability

version

41

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:376

status

accepted

submitted

2006-09-22T05:40:00.000-04:00

title

Windows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability

version

43

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:609

status

accepted

submitted

2006-09-22T05:40:00.000-04:00

title

Windows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability

version

43

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

family

windows

id

oval:org.mitre.oval:def:618

status

accepted

submitted

2006-09-22T05:40:00.000-04:00

title

Windows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability

version

42

Vulnerabilities > CVE-2005-1218 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

References