[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Is Windows TCP/IP source routing PoC code available?

To: vuln-dev@xxxxxxxxxxxxxxxxx, Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Is Windows TCP/IP source routing PoC code available?
From: Denis Jedig <seclists@xxxxxxxxxxxx>
Date: Sun, 25 Jun 2006 20:03:24 +0200

Greetings to the list,

As known, Microsoft did announce a security vulnerability concerning anoverflow within the TCP/IP stack implementation when source routingfields are used:

http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx

Is anyone aware of an exploit or POC code for this vulnerability? Thesecurity bulletin states that Windows XP SP2 and Windows Server 2003 SP1are "secure by default" due to disabled source routing. However, it doesnot provide sufficient information regarding other operating systemsaffected, so I would like to check out by myself.


Regards,

Denis Jedig
syneticon networks GbR

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: Is Windows TCP/IP source routing PoC code available?
  - From: 3APA3A

References:
- [Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
  - From: Alexander Hristov

Prev by Date: [Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
Next by Date: Re: [Full-disclosure] ................................................Oo...............................................
Previous by thread: [Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
Next by thread: [Full-disclosure] Re: Is Windows TCP/IP source routing PoC code available?
Index(es):
- Date
- Thread