WinCOM LPD DoS Advisory Code: VIGILANTE-2000013 Release Date: September 19, 2000 Systems Affected: - WinCOM LPD V1.00.90 for Windows NT THE PROBLEM A continuos stream of LPD options, sent to the LPD port (default TCP port 515) on the host running WinCOM, will eventually consume all the memory on that host. Vendor Status: The vendor was contacted on the 8th of September and the vulnerability was verified by them on the 19th of September. Fix: There is currently no known release date for a fix. Vendor replied: "I do not have any release date to offer you. It will be fixed in a future release. Thank you for bringing this to our attention." Vendor URL: http://www.ipswitch.com Product URL: http://www.ipswitch.com/cgi/download_eval.pl Copyright VIGILANTe 2000-09-12 Disclaimer: The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lays within the user's responsibility. Feedback: Please send suggestions, updates, and comments to: VIGILANTe mailto: isis@vigilante.com http://www.vigilante.com