CVE-2005-0048

Microsoft Windows 2000 and XP - Remote Code Execution via Malformed IP Packet Options

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0048. PoCs published by Yuri Gushin, Song Liu.

Description

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Yuri Gushin · c · remote · windows
https://www.exploit-db.com/exploits/25384

This exploit sends a malformed TCP/IP packet with an IP option size of 39, triggering an off-by-one error in Microsoft Windows' IP stack, leading to a denial of service. The PoC constructs a packet with a crafted IP options field to demonstrate the vulnerability.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (various versions, 2005 era)
No auth needed
Prerequisites: Network access to target · Ability to send raw IP packets
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Song Liu · perl · dos · windows
https://www.exploit-db.com/exploits/25383

This Perl script exploits CVE-2005-0048 by sending malformed TCP/IP packets with crafted IPv4 options to trigger a denial of service or potential remote code execution on vulnerable Microsoft Windows systems.

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Windows (various versions, pre-2005 patches)
No auth needed
Prerequisites: Network access to target · Perl with Net::Pkt module
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
c · dos · windows
https://www.exploit-db.com/exploits/942

This exploit demonstrates a DoS vulnerability in Windows by sending a malformed IP packet with an option size of 39, causing an off-by-one error. The PoC constructs a raw IP packet with a TCP header and malformed IP options to trigger the crash.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (various versions, likely pre-2005)
No auth needed
Prerequisites: libnet library · raw socket permissions
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3824
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1744
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/233754
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4549
Vendor Advisory third-party-advisory x_refsource_iss
http://xforce.iss.net/xforce/alerts/id/192
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-102A.html

Scores

EPSS 0.6810
EPSS Percentile 98.6%

Details

Status published
Products (2)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_xp (10 CPE variants)
Published May 02, 2005
Tracked Since Feb 18, 2026