F-Secure
Tools
Windows Vista "CreateIpForwardEntry2()" Memory Corruption Vulnerability
| Report ID: | SA32791 |
| Source: | Secunia |
| Date of Discovery: | 24.11.2008 |
| Criticality: | Negligible |
| Affects: | Microsoft Windows Vista |
| Compromise From: | Local system |
| Compromise Type: | DoS |
Summary
A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Detailed Description
A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to the "CreateIpForwardEntry2()" function not properly limiting the length of the IP address prefix of the destination IP address passed via the "MIB_IPFORWARD_ROW2" structure. This can be exploited to cause a buffer overflow and e.g. crash a vulnerable system.
Successful exploitation requires that the attacker is a member of the "Network Configuration Operators Group".
The vulnerability is reported in Microsoft Windows Vista Enterprise (32 bit and 64 bit) and Microsoft Windows Vista Ultimate (32 bit and 64 bit). Other versions may also be affected.
The vulnerability is caused due to the "CreateIpForwardEntry2()" function not properly limiting the length of the IP address prefix of the destination IP address passed via the "MIB_IPFORWARD_ROW2" structure. This can be exploited to cause a buffer overflow and e.g. crash a vulnerable system.
Successful exploitation requires that the attacker is a member of the "Network Configuration Operators Group".
The vulnerability is reported in Microsoft Windows Vista Enterprise (32 bit and 64 bit) and Microsoft Windows Vista Ultimate (32 bit and 64 bit). Other versions may also be affected.
Solution
Only add trusted users to the "Network Configuration Operators Group".
Original Reference
-