CVE-2002-0597
Description
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
Root cause
"The LANMAN service improperly handles malformed data, leading to excessive CPU and memory consumption."
Attack vector
An attacker can remotely send a stream of malformed data to the microsoft-ds port (445) on a vulnerable Windows 2000 system. This can be achieved via TCP or UDP protocols. The exploit sends a 10k NULL string repeatedly to the target port. The advisory notes that UDP is more effective, consuming up to 99% CPU, while TCP consumes around 35% and may require multiple attacking hosts for a significant impact [ref_id=1].
Affected code
The vulnerability resides within the LANMAN service on Microsoft Windows 2000, which listens on port 445 (microsoft-ds) [ref_id=1]. The exact code path is not detailed, but the issue is triggered by submitting malformed data to this service.
What the fix does
The advisory does not specify a patch or a fix for this vulnerability. It recommends disabling the Server service if it is not required, or blocking port 445 at the network perimeter to mitigate the risk.
Preconditions
- networkThe attacker must be able to send network traffic to port 445 (microsoft-ds) on the target system.
- configThe LANMAN service (or Server service) must be running on the target Windows 2000 system.
Reproduction
The provided exploit code can be used to reproduce the denial of service. The usage is: `<Server IP> <TCP/UDP> <Send Count>`. For example: `exploit 127.0.0.1 UDP 10000` [ref_id=1].
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- online.securityfocus.com/archive/1/268066nvdPatchVendor Advisory
- www.securityfocus.com/bid/4532nvdExploitPatchVendor Advisory
- www.iss.net/security_center/static/8867.phpnvdVendor Advisory
- www.kb.cert.org/vuls/id/693099nvdUS Government Resource
- archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.htmlnvd
- support.microsoft.com/default.aspxnvd
- www.osvdb.org/5179nvd
News mentions
0No linked articles in our index yet.