CVE-2004-1792
Description
A remote denial-of-service vulnerability in YaSoft Switch Off 2.3 and earlier via a crafted packet to TCP port 8000 causes an infinite loop.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote denial-of-service vulnerability in YaSoft Switch Off 2.3 and earlier via a crafted packet to TCP port 8000 causes an infinite loop.
Vulnerability
swnet.dll in YaSoft Switch Off 2.3 and earlier contains a flaw where processing a long packet with two CRLF sequences on the service management port (TCP 8000) causes an infinite loop in the DLL. This leads to a denial-of-service condition. The vulnerability is reachable from the network without any prior authentication or special configuration [1].
Exploitation
An unauthenticated remote attacker needs only network access to TCP port 8000 of the target. By sending a malformed packet that includes a long payload terminated with two CRLF sequences, the attacker triggers the infinite loop in swnet.dll. No user interaction or elevated privileges are required [1].
Impact
Successful exploitation results in a complete denial of service for the YaSoft Switch Off service. The affected component enters an infinite loop, consuming CPU resources and rendering the management port unresponsive. No data is disclosed or modified, and the attacker does not gain code execution [1].
Mitigation
No specific patch or fixed version is mentioned in the available reference [1]. Users are advised to restrict access to TCP port 8000 via firewall rules or deactivate the service if not required. Contacting the vendor for an updated version may also be necessary.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17cpe:2.3:a:yatsoft:switch_off:0.7:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:yatsoft:switch_off:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:yatsoft:switch_off:2.3:*:*:*:*:*:*:*
- (no CPE)range: <=2.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/10521nvdExploit
- securitytracker.com/idnvdExploit
- www.elitehaven.net/switchoff.txtnvdExploit
- www.securityfocus.com/archive/1/348693nvdExploit
- www.securityfocus.com/bid/9339nvdExploit
- exchange.xforce.ibmcloud.com/vulnerabilities/14123nvd
News mentions
0No linked articles in our index yet.