| Check Point Reference: |
CPAI-2006-149 |
| Date Published: |
14 Dec 2006 |
| Severity: |
Low
|
| Last Updated: |
Thursday 03 May, 2007 |
| Source: |
Microsoft Security Bulletin MS06-064 |
| Industry Reference: | CVE-2005-1649
CVE-2005-0688 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows XP
Microsoft Windows XP SP1
Microsoft Windows XP SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1 |
| Vulnerability Description |
A denial of service vulnerability has been detected in Microsoft Windows IPv6 TCP/IP stack. Internet Protocol version 6 (IPv6) is a new version of IP that follows IPv4 as the second version of the Internet Protocol. The primary purpose of IPv6 is to solve the problem of the shortage of IP addresses. An attacker may exploit the vulnerability to crash an affected system. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS06-064 |
| Vulnerability Details | The vulnerability is due to an error in the IPv6 TCP/IP stack when processing a malformed TCP packet. A remote attacker can exploit this flaw by specially crafting a packet with the 'SYN' flag set, and the source address and port are the same as the destination source and port, AKA a 'LAND' attack. Successful exploitation may result in crashing the target system. |
Feedback