Vulnerabilities > CVE-2005-1218 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
exploit available

Summary

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

Exploit-Db

descriptionMS Windows XP SP2 (rdpwd.sys) Remote Kernel DoS Exploit. CVE-2005-1218,CVE-2005-2303. Dos exploit for windows platform
idEDB-ID:1143
last seen2016-01-31
modified2005-08-09
published2005-08-09
reporterTom Ferris
sourcehttps://www.exploit-db.com/download/1143/
titleMicrosoft Windows XP SP2 rdpwd.sys Remote Kernel DoS Exploit

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS05-041.NASL
descriptionThe remote host contains a version of the Remote Desktop protocol/service that is vulnerable to a security flaw that could allow an attacker to crash the remote service and cause the system to stop responding.
last seen2020-06-01
modified2020-06-02
plugin id19404
published2005-08-09
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19404
titleMS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
code
#
# Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19404);
 script_version("1.34");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-1218");
 script_bugtraq_id(14259);
 script_xref(name:"MSFT", value:"MS05-041");
 script_xref(name:"CERT", value:"490628");
 script_xref(name:"EDB-ID", value:"1143");
 script_xref(name:"MSKB", value:"899591");

 script_name(english:"MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)");
 script_summary(english:"Determines the presence of update 899591");

 script_set_attribute(attribute:"synopsis", value:"It is possible to crash the remote desktop service.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Remote Desktop
protocol/service that is vulnerable to a security flaw that could allow
an attacker to crash the remote service and cause the system to stop
responding.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-041");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/09");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-041';
kb = '899591';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_sp_range(win2k:'4'))
{
  if (hotfix_check_nt_server() <= 0) exit(0, "The Windows host is not an NT Server.");
   exit(0);
}

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Rdpwd.sys", version:"5.2.3790.348", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Rdpwd.sys", version:"5.2.3790.2465", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Rdpwd.sys", version:"5.1.2600.1698", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Rdpwd.sys", version:"5.1.2600.2695", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", sp:4, file:"Rdpwd.sys", version:"5.0.2195.7055", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2011-05-16T04:00:05.190-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:100092
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleWindows XP,SP1 (64-bit) RDP DoS Vulnerability
    version39
  • accepted2016-02-19T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:180
    statusaccepted
    submitted2006-09-22T05:40:00.000-04:00
    titleWindows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability
    version43
  • accepted2016-02-19T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:346
    statusaccepted
    submitted2006-09-22T05:40:00.000-04:00
    titleWindows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
    version41
  • accepted2016-02-19T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:376
    statusaccepted
    submitted2006-09-22T05:40:00.000-04:00
    titleWindows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability
    version43
  • accepted2016-02-19T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:609
    statusaccepted
    submitted2006-09-22T05:40:00.000-04:00
    titleWindows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability
    version43
  • accepted2016-02-19T10:00:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
    familywindows
    idoval:org.mitre.oval:def:618
    statusaccepted
    submitted2006-09-22T05:40:00.000-04:00
    titleWindows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
    version42