Cisco has had no known reports of malicious exploitation of this
This vulnerability has been discussed on the "firstname.lastname@example.org"
mailing list, and is therefore certain to be widely known in the cracker
community. The first public announcement of this vulnerability of which Cisco
is aware was on December 11, 1997.
The vulnerability can be exploited to crash systems with no special
tools or knowledge; no exploitation program as such is required.
Assuming that it is possible to exploit the vulnerability to take total
control of the system, an exploitation program would be needed in order to do
so. A person seeking to develop such an exploitation program would need to be a
competent assembly language programmer. She would also need detailed knowledge
of the internal workings of the IOS/700 software and/or the 7xx router
hardware. Such knowledge has not been made public by Cisco, but could be
obtained by reverse engineering or by theft of trade secrets from Cisco.