Microsoft Windows ESP-UDP Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	02/09/2009
Severity:	High
Operating Sysytem:	Microsoft Windows Vista Microsoft Windows Server 2008
Applications Affected:	TCP/IP Stack
Type:	Remote
Identifiers:	CVE-2010-0240

Synopsis

TCP/IP Stack is prone to remote code execution vulnerability via invalid argument accessed by a vulnerable function. After successful exploitation, remote attacker can execute arbitrary code in security context of logged-in user.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx

Threat Analysis

TCP/IP is the suite of communications protocols used for transmitting data over networks. TCP and IP are two of the protocols in this suite for providing end-to-end data flow without any error, loss and out of sequence. UDP also stands on same level as TCP in protocol suits.

TCP/IP Stack is prone to remote code execution vulnerability. This vulnerability exists in a routine that handles ESP/UDP datagram where we passed an argument of the wrong type. Successful exploitation allows to remote attacker can execute arbitrary code in security context of logged-in user.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0240

Write-up by: Gaurav Bajpai