Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-009.
Insight
Insight
The flaws are due to Windows TCP/IP stack, - not performing the appropriate level of bounds checking on specially crafted 'ICMPv6' Router Advertisement packets. - fails to properly handle malformed Encapsulating Security Payloads (ESP) over UDP datagram fragments while running a custom network driver that splits the UDP header into multiple MDLs, which could be exploited by remote attackers to execute arbitrary code by sending specially crafted IP datagram fragments to a vulnerable system. - not performing the appropriate level of bounds checking on specially crafted ICMPv6 Route Information packets, which could be exploited by remote attackers to execute arbitrary code by sending specially crafted ICMPv6 packets to a vulnerable system. - not properly handling TCP packets with a malformed selective acknowledgment (SACK) value.
Affected Software
Affected Software
Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Solution
Solution
The vendor has released updates. Please see the references for more information.