CVE-2005-1218
Description
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*+ 14 more
- cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
- (no CPE)
- (no CPE)
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 6 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
Root cause
"Insufficient validation of Remote Desktop Protocol (RDP) message data by the Windows kernel allows specially crafted requests to trigger a system crash."
Attack vector
An attacker sends a specially crafted Remote Desktop Protocol (RDP) message to an affected system over TCP port 3389 (or a custom port if RDP has been reconfigured). The vulnerability is triggered remotely without authentication, as the malformed message is processed during the initial protocol handshake before any session credentials are exchanged. The attack results in a denial of service, causing the target system to stop responding and automatically restart [ref_id=1].
Affected code
The advisory does not specify particular functions or file paths. The vulnerability exists in the Windows kernel's handling of Remote Desktop Protocol (RDP) messages across Windows 2000 Server, Windows XP, and Windows Server 2003 [ref_id=1].
What the fix does
The security update addresses the vulnerability by improving the validation that the Remote Desktop Protocol performs on incoming data, ensuring that malformed messages are rejected before they can cause a system crash [ref_id=1]. No patch diff is available in the bundle; the advisory states that the update corrects "the process used to validate data by the Remote Desktop Protocol" [ref_id=1].
Preconditions
- networkAttacker must be able to send network traffic to TCP port 3389 (or a custom RDP port) on the target system.
- configRDP must be enabled on the target system. By default, RDP is not enabled on any affected operating system version, though Remote Assistance, Terminal Services, or Media Center Extenders may enable it [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14- www.microsoft.com/technet/security/advisory/904797.mspxnvdPatchVendor Advisory
- www.securityfocus.com/bid/14259nvdPatch
- www.us-cert.gov/cas/techalerts/TA05-221A.htmlnvdPatchUS Government Resource
- www.kb.cert.org/vuls/id/490628nvdUS Government Resource
- marc.infonvd
- security-protocols.com/modules.phpnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-041nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100092nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A180nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A346nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A376nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A609nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A618nvd
- www.immunitysec.com/pipermail/dailydave/2005-July/002188.htmlnvd
News mentions
0No linked articles in our index yet.