Skip navigation

Multiple Vulnerabilities in WinRoute Pro

Reported January 2, 2001, by Peter Miller

  • WinRoute Pro 4.1


Two vulnerabilities have been discovered in WinRoute Pro 4.1. The first is a low-risk flaw that causes the software to not function if you've enabled memory write protection under Windows 2000. During the installation process, WinRoute Pro disables memory write protection, which leaves the system less stable and vulnerable to various security threats.

The second vulnerability presents a medium security risk. By default, WinRoute Pro lets anyone use Windows NT domain credentials to access mailboxes. If you use POP3 to access mail, WinRoute Pro lets you send this information in clear text, which could lead to the compromise of your network.


Tiny Software has been notified and claims that there is no easy way to address the first issue. The company plans to address the second issue with its new version of software, expected release time of June 2001.

The original advisories released by Peter Miller to the Win2KSecAdvice mailing list are available at:

Discovered by
Peter Miller

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.