CVE-2005-1184

Windows 2000 and Windows 2003 Server - Denial of Service via TCP Keep Alive Packet Flood

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1184. PoCs published by Antonio M. D. S. Fortes.

AI-analyzed exploit summary This PoC exploits CVE-2005-1184 by sending crafted TCP packets with incorrect ACK numbers to trigger a DoS condition. It uses libpcap to sniff and inject packets into an established TCP session.

Description

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Antonio M. D. S. Fortes · cdosmultiple
https://www.exploit-db.com/exploits/25439

This PoC exploits CVE-2005-1184 by sending crafted TCP packets with incorrect ACK numbers to trigger a DoS condition. It uses libpcap to sniff and inject packets into an established TCP session.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Multiple TCP/IP stacks (Windows 98 SE, NT 4.0, 2000, 2003, XP, Linux 2.4.x/2.6.x)
No auth needed
Prerequisites: Established TCP connection to target · Network access to inject packets
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13215
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40502

Scores

EPSS 0.3700
EPSS Percentile 98.3%

Details

Status published
Products (10)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server datacenter_64-bit sp1
microsoft/windows_2003_server enterprise (2 CPE variants)
microsoft/windows_2003_server enterprise_64-bit (2 CPE variants)
microsoft/windows_2003_server r2 (3 CPE variants)
microsoft/windows_2003_server standard (2 CPE variants)
microsoft/windows_2003_server standard_64-bit
microsoft/windows_2003_server web (2 CPE variants)
microsoft/windows_98se
microsoft/windows_nt 4.0 (31 CPE variants)
Published May 02, 2005
Tracked Since Feb 18, 2026