CVE-2001-0162

Windows Embedded Compact 3.0.9348 - TCP Connection Spoofing via Predictable ISNs

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0162.

AI-analyzed exploit summary The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation. This can facilitate TCP session spoofing and bypass IP-based access controls.

Description

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation. This can facilitate TCP session spoofing and bypass IP-based access controls.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (versions prior to fix)

No auth needed

Prerequisites: Network access to target system · Ability to observe TCP sequence numbers

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory x_refsource_misc

http://www.cs.jhu.edu/~seny/pubs/wince802.pdf

Scores

EPSS 0.1523

EPSS Percentile 96.3%

Details

Status published

Products (1)

microsoft/windows_embedded_compact 3.0.9348

Published Jan 01, 2001

Tracked Since Feb 18, 2026