Vulnerability Note VU#722753

Microsoft IP Source Route Vulnerability

Original Release date: 13 Jun 2006 | Last revised: 13 Jun 2006


A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.


Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.


A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.


Apply a patch

Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.


In addition to the patches, Microsoft has also published a number of workarounds for this issue in Microsoft Security Bulletin MS06-032. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-13 Jun 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: CVE-2006-2379
  • Date Public: 13 Jun 2006
  • Date First Published: 13 Jun 2006
  • Date Last Updated: 13 Jun 2006
  • Severity Metric: 38.27
  • Document Revision: 5


If you have feedback, comments, or additional information about this vulnerability, please send us email.