RDP DOS any specifics?

["krisk () kbeta com" <krisk () kbeta com>]

In Reference to CVE:
CAN-2001-0014 : Remote Data Protocol (RDP) in Windows 2000 Terminal Service
does not properly handle certain malformed packets, which allows remote
attackers to cause a denial of service, aka the "Invalid RDP Data"
vulnerability.
and MS bulletins:
http://www.microsoft.com/technet/security/bulletin/ms01-006.asp
http://www.microsoft.com/technet/security/bulletin/fq01-006.asp

Does anyone know specifically what type of "malformed packets" are being
referred to, if a specific tool is being used to generate them, or any known
exploit
code for this? I haven't been able to locate any other specifics on this and
am especially curious to see how Citrix MetaFrame servers will respond to
the same type of data as well as coming up with some IDS updates to detect
it...
Thanks!
K