Title: Windows ME Simple Service Discovery Protocol Denial of Service Vulnerability
Severity: MODERATE
Description:
Universal Plug and Play (UPnP) is a feature of Windows ME, which detects and configures network devices and services. UPnP can be installed and configured via the control panel. In order for a device or service to be discovered and communicated with, the Simple Service Discovery Protocol(SSDP) function gathers information about the device and returns it to UPnP.
A vulnerability exists in Simple Service Discovery Protocol (SSDP) which could allow an unauthorized user to crash the service.
SSDP listens on port 5000 by default. Connecting to port 5000 and submitting an unusual number of arbitrary characters, could cause the SSDP service to stop responding.
It has been reported that the SSDP causes an error in 'Msvcrt.dll', yet SSDP is the program which crashes.
Successful exploitation of this vulnerability could affect the detection of new network devices or services. A restart of the service maybe required in order to regain normal functionality.
* Conflicting reports exist; some users could not successfully replicate this issue.
Affected Products:
- Microsoft Windows ME
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
