Strike ID:
D11-4jr01
CVSS:
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
False Positive:
t
Variants:
1
Year:
2011

Description

This strike exploits a vulnerability in Microsoft Host Integration Server. Specifically an input validation error occurs when handling packets with the payload size field of 0. Improper validation occurs when the packet calculates the size and then tries to subtract 2 counting for the size of the field itself. This value is then used as a parameter which returns a value of 0. The infinite loop occurs when this code then tries to decrement the value that was passed in as a parameter.

CVE

MSB

OSVDB

76223