CVE-2002-1561

Windows 2000 and NT 4.0 - Denial of Service via Malformed RPC Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2002-1561. PoCs published by Trancer, lion, anonymous.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in the Microsoft Windows RPC service by sending malformed packets to TCP port 135. It includes multiple crafted payloads to trigger the vulnerability and can be looped to repeatedly attack a target system.

Description

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Trancer · cdoswindows
https://www.exploit-db.com/exploits/21952

This exploit targets a denial-of-service vulnerability in the Microsoft Windows RPC service by sending malformed packets to TCP port 135. It includes multiple crafted payloads to trigger the vulnerability and can be looped to repeatedly attack a target system.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows NT 4.0, Windows 2000, Windows XP (RPC service)
No auth needed
Prerequisites: Network access to target's TCP port 135
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by lion · cdoswindows
https://www.exploit-db.com/exploits/21951

This exploit sends malformed RPC packets to TCP port 135, causing a denial of service (DoS) by disabling the RPC service on vulnerable Windows systems (Windows 2000, NT 4.0, and XP). The code constructs and sends multiple malformed packets to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows RPC service (Windows 2000, NT 4.0, XP)
No auth needed
Prerequisites: Network access to TCP port 135 on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by anonymous · textdoswindows
https://www.exploit-db.com/exploits/21954

The provided text describes a denial-of-service vulnerability in the Microsoft Windows RPC service (CVE-2002-1561), affecting Windows 2000, NT 4.0, and XP. The flaw can be triggered by sending a malformed packet to TCP port 135, disabling the RPC service.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows RPC service (Windows 2000, NT 4.0, XP)
No auth needed
Prerequisites: Network access to TCP port 135
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rapid7 · textdoswindows
https://www.exploit-db.com/exploits/21953

The provided text describes a denial-of-service vulnerability in the Microsoft Windows RPC service (CVE-2002-1561), affecting Windows 2000, NT 4.0, and XP. The flaw can be triggered by sending a malformed packet to TCP port 135, disabling the RPC service.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows RPC service (Windows 2000, NT 4.0, XP)
No auth needed
Prerequisites: Network access to TCP port 135
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6005
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A59
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/261537
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0

Scores

EPSS 0.3800
EPSS Percentile 98.4%

Details

Status published
Products (4)
microsoft/windows_2000 (4 CPE variants)
microsoft/windows_2000_terminal_services (4 CPE variants)
microsoft/windows_nt 4.0 (32 CPE variants)
microsoft/windows_xp (5 CPE variants)
Published Apr 02, 2003
Tracked Since Feb 18, 2026