A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.
Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.
A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.
Apply a patch
Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.
In addition to the patches, Microsoft has also published a number of workarounds for this issue in Microsoft Security Bulletin MS06-032. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.
Vendor| Status| Date Notified| Date Updated
Microsoft Corporation| | -| 13 Jun 2006
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.
This document was written by Chad R Dougherty.