Windows tcpip.sys is susceptible to a remote buffer overflow vulnerability. This issue allows remote attackers to crash and/or take complete control of vulnerable hosts.
Microsoft Host Integration Server is prone to a remote denial of service due to improper memory handling by the process SnaBase.exe when parsing UDP packets arriving on port 1478.
MetaServer RT is prone to a remote denial of service when handling certain packets on TCP port 2194.
This module exploits a remote vulnerability that could allow an attacker to send a specially crafted SMB message to an affected system causing a denial of service. This bug was accidentally discovered while researching the details for the vulnerability MS06-035. This is a different vulnerability, and does not give the attacker the possibility of code execution.
This module shuts down the Inetserv POP3 Server because it fails to properly handle user-supplied malformed packets.
This module exploits a denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them.
This module restarts the IIS server. This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default under Windows 2000 Advanced Server the target host will automatically restart. Under Windows 2000 Professional a message box will pop up in the console and the server will not be restarted until a user presses [OK].
This module exploits the vulnerabilities detailed in Core Security Technologies advisory CORE-2004-0802 to shutdown the Network News Transfer Protocol (NNTP) service on IIS and Exchange servers. The bugs exploited are present in the parser and query translator for the XPAT command.
This module exploits a denial of service vulnerability that results because IIS 7.5 do not correctly handle an error condition when receives a specially crafted FTP Telnet IAC packet.
This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default, on IIS versions 5.0, 5.1 and 6 the server will automatically restart. However if a JIT debugger is configured in the target system a message box will pop up in the console and the server will not be restarted (and continues to process requests) until a user presses [OK]. On IIS version 7 by default the server will not restart. For this exploit to be successful, the FTP server must not be empty.