| Check Point Reference: |
CPAI-2006-064 |
| Date Published: |
14 Jun 2006 |
| Severity: |
Medium
|
| Last Updated: |
Tuesday 08 May, 2007 |
| Source: |
Microsoft Security Bulletin MS06-032 |
| Industry Reference: | CVE-2006-2379
US-CERT VU#722753 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition |
| Vulnerability Description |
IP source routing is a mechanism which allows the sender to determine the IP route that an IP packet should take through the network. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. An attacker could try to exploit the vulnerability by creating a specially crafted network packet and sending the packet to an affected system. Successful exploitation will most likely cause a crash, but may potentially allow execution of arbitrary code. |
| Update/Patch Avaliable | Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. |
| Vulnerability Details | The TCP/IP driver in some versions of Microsoft Windows fails to validate the length of a message before it is passed to an allocated buffer. According to Microsoft, IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components. Note that exploitation requires that "IP Source Routing" is enabled (disabled by default on Windows XP SP2 and Windows Server 2003 SP1) or the "Routing and Remote Access Service" is enabled (disabled by default). |
Feedback