IIS NNTP XPAT DoS v1.12 Vulnerability exploited: CAN-2004-0574 - BID-11379 Category: Denial of Service/Remote This module shuts down the NNTP server in IIS or Exchange. This module exploits the vulnerabilities detailed in Core Security Technologies advisory CORE-2004-0802 to shutdown the Network News Transfer Protocol (NNTP) service on IIS and Exchange servers. The bugs exploited are present in the parser and query translator for the XPAT command. Supported Systems: Windows 2000 Server - sp0 (i386) Windows 2000 Server - sp1 (i386) Windows 2000 Server - sp2 (i386) Windows 2000 Server - sp3 (i386) Windows 2000 Server - sp4 (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp2 (i386) Windows 2000 Advanced Server - sp3 (i386) Windows 2000 Advanced Server - sp4 (i386) NNTP Service 5.00.0984 Version: 5.0.2159.1 NNTP Service 5.00.0984 Version: 5.0.2195.6702 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.