[2008-07-15] WinRemotePC Full+Lite 2008 r.2server Remote Denial of Service Vulnerability
Description
A vulnerability exists in WinRemotePC Full+Lite 2008 r.2+server in the way it handles recieved packets because it fails to properly process/sanitize arbitrarily lengths and/or invalid packets.The vulnerability occurs both before and after login.When confrunted with such packets the server starts consuming full cpu and memory and sometims leads to immediate crash.Although i couldn't find a packet pattern for immediate crash or exploitation the DOS is certain through cpu+memory consumption.
POC/Exploit code [.c]
The following poc has been provided in the Exploits page: [2008-07-15] WinRemotePC Full+Lite 2008 r.2server Denial of Service ExploitOther references
Milw0rm : http://www.milw0rm.com/exploits/6077
Securityfocus : http://www.securityfocus.com/bid/30236
Milw0rm : http://secunia.com/advisories/31102/