CVE-2002-1712
Description
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (27)
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"The TCP stack in Windows 2000 consumes excessive memory when processing a flood of empty TCP packets with ACK and FIN bits set."
Attack vector
An attacker can send a large volume of empty TCP packets with both the ACK and FIN bits set to a target system on the NetBIOS port (TCP/139) [ref_id=1]. This causes the system's TCP stack to allocate memory for each packet, leading to resource exhaustion. The exploit code demonstrates sending these packets repeatedly to overwhelm the target [ref_id=1].
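A detection-side sketch of the traffic pattern described above, added here as an example and not part of the CVE record or its references. It flags empty ACK+FIN segments to TCP/139 and alerts on their rate per destination, since a single empty FIN+ACK is normal connection teardown. The threshold, window, addresses and the `build_segment` helper that constructs sample bytes are assumptions.

```python
import struct
from collections import defaultdict, deque

ACK, FIN = 0x10, 0x01
NETBIOS_SSN = 139

def classify(packet: bytes):
    """Return (src_ip, dst_ip) for an empty ACK+FIN segment to TCP/139, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                      # not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or len(packet) < ihl + 20 or total_len > len(packet):
        return None                      # truncated or inconsistent headers
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4
    flags = packet[ihl + 13] & 0x3F
    payload = total_len - ihl - data_off
    if dport == NETBIOS_SSN and flags == (ACK | FIN) and data_off >= 20 and payload == 0:
        return ".".join(map(str, packet[12:16])), ".".join(map(str, packet[16:20]))
    return None

class FloodDetector:
    """Alert when one destination gets more than `limit` matches within `window` seconds."""
    def __init__(self, limit=100, window=1.0):   # assumed defaults, tune per network
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def observe(self, ts: float, packet: bytes) -> bool:
        hit = classify(packet)
        if hit is None:
            return False
        q = self.seen[hit[1]]            # keyed by destination, independent of source
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.limit

def build_segment(src, dst, dport, flags, payload=b""):
    """Constructed sample input: minimal IPv4+TCP bytes in memory (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHLLBBHHH", 40000, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp + payload
```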
Affected code
The vulnerability lies within the TCP stack of Microsoft Windows 2000, specifically how it handles incoming TCP packets with the ACK and FIN flags set on port 139 [ref_id=1]. The provided exploit code targets this by constructing and sending malformed TCP/IP packets [ref_id=1].
What the fix does
The advisory does not specify a patch or fix for this vulnerability. Remediation guidance suggests applying vendor-supplied patches when available. As no patch is provided in the bundle, the vulnerability remains unaddressed.
Preconditions
- network: The target system must be reachable over the network.
- input: The target system must be running a vulnerable version of Microsoft Windows 2000.
Reproduction
The provided exploit code `stream3.c` can be used to reproduce the denial of service by targeting a Windows 2000 machine on port 139 with a flood of ACK/FIN TCP packets [ref_id=1].
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.