Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902588
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
Summary:The host is running Microsoft Windows and is prone to remote code; execution vulnerability.
Description:Summary:
The host is running Microsoft Windows and is prone to remote code
execution vulnerability.

Vulnerability Insight:
The flaw is due to insufficient validation of IP options and can be
exploited to cause a vulnerable system to stop responding and restart or may allow execution of arbitrary
code by sending a specially crafted IP packet to a vulnerable system.

Vulnerability Impact:
Successful exploitation will allow attacker to cause a denial of service
and possibly execute arbitrary code via crafted IP packets with malformed options.

Affected Software/OS:
- Microsoft Windows XP SP2 and prior

- Microsoft Windows 2000 Server SP4 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 13116
BugTraq ID: 13658
BugTraq ID: 13124
BugTraq ID: 10183
Common Vulnerability Exposure (CVE) ID: CVE-2005-0048
Cert/CC Advisory: TA05-102A
http://www.us-cert.gov/cas/techalerts/TA05-102A.html
CERT/CC vulnerability note: VU#233754
http://www.kb.cert.org/vuls/id/233754
ISS Security Advisory: 20050412 Windows IP Options Remote Compromise
http://xforce.iss.net/xforce/alerts/id/192
Microsoft Security Bulletin: MS05-019
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4549
Common Vulnerability Exposure (CVE) ID: CVE-2005-0688
Bugtraq: 20050305 Windows Server 2003 and XP SP2 LAND attack vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111005099504081&w=2
HPdes Security Advisory: HPSBST02161
http://www.securityfocus.com/archive/1/449179/100/0/threaded
HPdes Security Advisory: SSRT061264
Microsoft Security Bulletin: MS06-064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1685
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4978
http://secunia.com/advisories/22341
http://www.vupen.com/english/advisories/2006/3983
Common Vulnerability Exposure (CVE) ID: CVE-2004-0790
http://www.securityfocus.com/bid/13124
HPdes Security Advisory: HPSBTU01210
http://marc.info/?l=bugtraq&m=112861397904255&w=2
HPdes Security Advisory: HPSBUX01164
http://www.securityfocus.com/archive/1/418882/100/0/threaded
HPdes Security Advisory: SSRT4743
HPdes Security Advisory: SSRT4884
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A53
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A622
SCO Security Bulletin: SCOSA-2006.4
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt
http://secunia.com/advisories/18317
http://securityreason.com/securityalert/19
http://securityreason.com/securityalert/57
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
Common Vulnerability Exposure (CVE) ID: CVE-2004-1060
Cisco Security Advisory: 20050412 Crafted ICMP Messages Can Cause Denial of Service
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2188
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A405
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A899
Common Vulnerability Exposure (CVE) ID: CVE-2004-0230
http://www.securityfocus.com/bid/10183
Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK. (Google Search)
http://marc.info/?l=bugtraq&m=108302060014745&w=2
Cert/CC Advisory: TA04-111A
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
CERT/CC vulnerability note: VU#415294
http://www.kb.cert.org/vuls/id/415294
Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
HPdes Security Advisory: SSRT4696
http://marc.info/?l=bugtraq&m=108506952116653&w=2
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
NETBSD Security Advisory: NetBSD-SA2004-006
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
http://www.osvdb.org/4030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711
SCO Security Bulletin: SCOSA-2005.14
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
SCO Security Bulletin: SCOSA-2005.3
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
SCO Security Bulletin: SCOSA-2005.9
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
http://secunia.com/advisories/11440
http://secunia.com/advisories/11458
SGI Security Advisory: 20040403-01-A
ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
XForce ISS Database: tcp-rst-dos(15886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.