Microsoft IP Source Route Vulnerability

ID VU:722753
Type cert
Reporter CERT
Modified 2006-06-13T00:00:00



A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.


Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.


A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.


Apply a patch

Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.


In addition to the patches, Microsoft has also published a number of workarounds for this issue in Microsoft Security Bulletin MS06-032. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.

Systems Affected

Vendor| Status| Date Notified| Date Updated
Microsoft Corporation| | -| 13 Jun 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A


  • <>


Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: CVE-2006-2379
  • Date Public: 13 Jun 2006
  • Date First Published: 13 Jun 2006
  • Date Last Updated: 13 Jun 2006
  • Severity Metric: 38.27
  • Document Revision: 5