Vulnerability Note VU#230208
Intel Centrino wireless network drivers fail to properly handle malformed frames
Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to properly handle malformed frames. If a remote attacker within transmitting range of an affected wireless adapter sends a specially crafted frame to that adapter, they may be able to trigger this vulnerability.
Affected drivers include w22n50.sys, w22n51.sys, w29n50.sys, and w29n51.sys. For more information refer to INTEL-SA-00001.
An unauthenticated, remote attacker may be able to execute arbitrary code with kernel-level privileges.
Upgrade Intel drivers
Intel® is a supplier of laptop components and does not manufacture or sell complete laptop systems. The software provided by Intel ... is a generic version. Each laptop computer original equipment manufacturer (OEM) may have altered the features, incorporated customizations, or made other changes to the software or software packaging they provide. The software provided has not been verified by your laptop manufacturer as to compatibility or other operation.
Disable the affected wireless adapter
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Dell Computer Corporation, Inc.||Affected||10 Aug 2006||08 Sep 2006|
|Intel Corporation||Affected||-||07 Aug 2006|
|Hewlett-Packard Company||Unknown||10 Aug 2006||10 Aug 2006|
|IBM Corporation||Unknown||10 Aug 2006||10 Aug 2006|
|Microsoft Corporation||Unknown||10 Aug 2006||10 Aug 2006|
|NEC Corporation||Unknown||10 Aug 2006||10 Aug 2006|
|Sony Corporation||Unknown||10 Aug 2006||10 Aug 2006|
|Toshiba||Unknown||10 Aug 2006||10 Aug 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Intel Security Bulletin CS-023065
This document was written by Ryan Giobbi and Jeff Gennari.
- CVE IDs: CVE-2006-3992
- Date Public: 28 Jul 2006
- Date First Published: 07 Aug 2006
- Date Last Updated: 31 May 2007
- Severity Metric: 12.72
- Document Revision: 97
If you have feedback, comments, or additional information about this vulnerability, please send us email.