CVE-1999-0715

Windows 2000 and NT - Buffer Overflow in Remote Access Service via Malformed Phonebook Entry

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0715. PoCs published by David Litchfield.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in the Microsoft Windows NT RAS Service (RASMAN.EXE) by crafting a malicious rasphone.pbk file. The overflow occurs in the RasGetDialParams function when processing an overly long phone number, allowing arbitrary code execution with LocalSystem privileges.

Description

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

Exploits (1)

exploitdb WORKING POC VERIFIED
by David Litchfield · clocalwindows
https://www.exploit-db.com/exploits/19211

This exploit demonstrates a buffer overflow in the Microsoft Windows NT RAS Service (RASMAN.EXE) by crafting a malicious rasphone.pbk file. The overflow occurs in the RasGetDialParams function when processing an overly long phone number, allowing arbitrary code execution with LocalSystem privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows NT RAS Service (RASMAN.EXE) on Windows NT 4.0 (SP3 & SP4)
No auth needed
Prerequisites: Local access to the target system · Ability to create/modify rasphone.pbk file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230677

Scores

EPSS 0.0313
EPSS Percentile 86.2%

Details

Status published
Products (3)
microsoft/windows_2000
microsoft/windows_nt
microsoft/windows_nt 4.0
Published May 20, 1999
Tracked Since Feb 18, 2026