Check Point Advisories

Preemptive Protection against Microsoft IP Source Route Vulnerability (MS06-032)

Check Point Reference: CPAI-2006-064
Date Published: 14 Jun 2006
Severity: Medium
Last Updated: Tuesday 08 May, 2007
Source: Microsoft Security Bulletin MS06-032
Industry Reference:CVE-2006-2379
US-CERT VU#722753
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description IP source routing is a mechanism which allows the sender to determine the IP route that an IP packet should take through the network. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. An attacker could try to exploit the vulnerability by creating a specially crafted network packet and sending the packet to an affected system.  Successful exploitation will most likely cause a crash, but may potentially allow execution of arbitrary code.
Update/Patch AvaliableMicrosoft has published patches for this issue in Microsoft Security Bulletin MS06-032.
Vulnerability DetailsThe TCP/IP driver in some versions of Microsoft Windows fails to validate the length of a message before it is passed to an allocated buffer. According to Microsoft, IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components. Note that exploitation requires that "IP Source Routing" is enabled (disabled by default on Windows XP SP2 and Windows Server 2003 SP1) or the "Routing and Remote Access Service" is enabled (disabled by default).

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.