[2008-07-15] WinRemotePC Full+Lite 2008 r.2server Remote Denial of Service Vulnerability


A vulnerability exists in WinRemotePC Full+Lite 2008 r.2+server in the way it handles recieved packets because it fails to properly process/sanitize arbitrarily lengths and/or invalid packets.The vulnerability occurs both before and after login.When confrunted with such packets the server starts consuming full cpu and memory and sometims leads to immediate crash.Although i couldn't find a packet pattern for immediate crash or exploitation the DOS is certain through cpu+memory consumption.

POC/Exploit code   [.c]

The following poc has been provided in the Exploits page: [2008-07-15] WinRemotePC Full+Lite 2008 r.2server Denial of Service Exploit