Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) Errors in the kernel's TCP/IP implementation (tcpip.sys) when handling IGMPv3 and MLDv2 queries can be exploited to cause a buffer overflow and crash the system or potentially execute arbitrary code via a specially crafted IGMPv3 or MLDv2 packet sequence.
NOTE: This vulnerability does not affect systems running Windows 2000.
2) An error in the kernel's TCP/IP implementation (tcpip.sys) when handling fragmented router advertisement ICMP queries can be exploited to cause the system to stop responding via a specially crafted ICMP query.
Successful exploitation requires that Router Discovery Protocol (RDP) is enabled (disabled by default).
NOTE: This vulnerability does not affect systems running Windows Vista.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Windows TCP/IP Implementation Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.