CVE-2004-1060
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Several potential security vulnerabilities have been identified in the HP Tru64 UNIX TCP/IP including ICMP, and Initial Sequence Number generation (ISNs). These exploits could result in a remote Denial of Service (DoS) from network throughput reduction for TCP connections, the reset of TCP connections, or TCP spoofing.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2004-04-12 CVE Published
- 2004-11-23 CVE Reserved
- 2005-04-17 First Exploit
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (23)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/37801 | 2005-06-01 | |
| https://www.exploit-db.com/exploits/942 | 2005-04-17 | |
| https://www.exploit-db.com/exploits/25388 | 2013-05-21 |
| URL | Date | SRC |
|---|