Security Home > Windows 95, 98 & ME

Malformed IPX NMPI Packet Vulnerability

A security vulnerability exists in Microsoft® Windows 95, Windows 98, 98SE and Windows Me which could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data.


The Microsoft IPX/SPX protocol implementation (NWLink) includes an NMPI (Name Management Protocol on IPX) listener that will reply to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and will therefore reply to a network broadcast address. Such a reply would in turn cause other IPX NMPI listener programs to also reply. This sequence of broadcast replies could generate a large amount of unnecessary network traffic. A machine that crashed due to this vulnerability could be put back into service by rebooting.

IPX is not installed by default in Windows 98, 98 Second Edition, or Windows Me, and is only installed by default in Windows 95 if there is a network card present in the machine at installation time. Even when IPX is installed, a malicious user’s ability to exploit this vulnerability would depend on whether he could deliver a malformed NMPI packet to an affected machine. Routers frequently are configured to drop IPX packets, and if such a router lay between the malicious user and an affected machine, he could not attack it. Routers on the Internet, as a rule, do not forward IPX packets, and this would tend to protect intranets from outside attack, as well as protecting machines connected to the Internet via dial-up connections.

Affected Products

  • Microsoft Windows 95, 98, 98SE and Me

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: October 11, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<