A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.
Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.
A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.
Apply a patch
Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.
This document was written by Chad R Dougherty.
|Date First Published:||2006-06-13|
|Date Last Updated:||2006-06-13 19:26 UTC|