[PEN-TEST] RDP DOS

["krisk () kbeta com" <krisk () kbeta com>]

In Reference to CVE:
CAN-2001-0014 : Remote Data Protocol (RDP) in Windows 2000 Terminal Service
does not properly handle certain malformed packets, which allows remote
attackers to cause a denial of service, aka the "Invalid RDP Data"
vulnerability.
and MS bulletins:
http://www.microsoft.com/technet/security/bulletin/ms01-006.asp
http://www.microsoft.com/technet/security/bulletin/fq01-006.asp

Does anyone know specifically what type of "malformed packets" are being
referred to, the tools commonly used to generate them, or any known exploit
code for this? I haven't been able to locate any other specifics on this and
am especially curious to see how Citrix MetaFrame servers will respond to
the same data as well as coming up with some IDS updates to detect it...
Thanks!
K