CVE-2001-0324

Windows 98 and Windows 2000 - Denial of Service via UDP Socket Exhaustion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0324. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This Java applet exploits a socket exhaustion vulnerability in Windows 2000 and 98 by repeatedly creating DatagramSocket instances, leading to a denial of service (DoS) condition. The attack prevents DNS resolution in Windows 2000 and blocks new TCP connections in Windows 98.

Description

Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textdoswindows

https://www.exploit-db.com/exploits/20613

View Code ZIP pw:eip

This Java applet exploits a socket exhaustion vulnerability in Windows 2000 and 98 by repeatedly creating DatagramSocket instances, leading to a denial of service (DoS) condition. The attack prevents DNS resolution in Windows 2000 and blocks new TCP connections in Windows 98.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 2000 and 98

No auth needed

Prerequisites: Victim must visit a malicious website or open a malicious email containing the applet

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0060.html

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2340

Scores

EPSS 0.1429

EPSS Percentile 96.1%

Details

Status published

Products (2)

microsoft/windows_2000

microsoft/windows_98

Published May 03, 2001

Tracked Since Feb 18, 2026