Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SSL packet is processed by the Microsoft SSL Library, and will result in loss of availability for the platform.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Bugtraq ID: 10115
• Secunia Advisory ID: 11064
• CERT VU: 150236
• ISS X-Force ID: 15712 15818
• Milw0rm: 176
• Exploit Database: 176
• CVE ID: 2004-0120 (see also: NVD)
• Related OSVDB ID: 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5261
• SCIP VulDB ID: 601
• OVAL ID: 885 886 892
• Packet Storm: http://packetstormsecurity.nl/0404-exploits/sslbomb.c
• Microsoft Security Bulletin: MS04-011
• CIAC Advisory: o-114
• US-CERT Cyber Security Alert: TA04-104A

• John Lampe - jwlampenessus.org - Tenable Security