A stack-based buffer overflow in the ProcessDataReceivedOnSocket function in the Microsoft Telnet Server Helper (tlntsess.exe) can be used by remote unauthenticated attackers to render the Telnet server unresponsive. This module will crash the tlntsess.exe Helper process, which is in charge of handling a client connection. The tlntsvr.exe process, which is the service listening for incoming connections on port 23, will not notice that a client slot was freed due to the crash, so by triggering this vulnerability multiple times it's possible to consume all the available client slots (2 by default), making the Telnet service to refuse further incoming connections.
CVE Link
Exploit Platform
Exploit Type
Product Name