iPolicy Networks Security Advisory
 

Microsoft Windows TCPIP.SYS Remote Code Execution Vulnerability

Date Discovered: 02/09/2009
Severity: High
Operating System: Microsoft Windows Vista
Applications Affected: TCP/IP Stack
Type: Remote
Identifiers: CVE-2010-0239
Synopsis
The TCP/IP stack is prone to a remote code execution vulnerability caused by insufficient bounds checking in a vulnerable function. After successful exploitation, a remote attacker can execute arbitrary code in the security context of the logged-in user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Threat Analysis
TCP/IP is the suite of communications protocols used for transmitting data over networks. TCP and IP are two of the protocols in this suite; together they provide end-to-end data flow without errors, loss, or out-of-sequence delivery. UDP sits at the same layer as TCP in the protocol suite.

The TCP/IP stack is prone to a remote code execution vulnerability. The vulnerability exists because a function in TCPIP.SYS on the Windows platform performs insufficient bounds checking on an attacker-controlled length value. Successful exploitation allows a remote attacker to execute arbitrary code in the security context of the logged-in user.
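The bug class named above, an attacker-controlled length field trusted by the parser, is illustrated by the following added example. It is not code from TCPIP.SYS and does not reproduce the Microsoft defect; it is a constructed TLV option walker of the kind a network stack uses for TCP or IP options, written the way a defender would expect it: every length read from the packet is checked against both the remaining input and the output capacity before anything is copied. The option encoding ([kind][len][data], len counting the two header bytes, kind 0 terminating, kind 1 a one-byte pad), the capacity limits, and the sample packets are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_MAX_DATA  8   /* per-option payload capacity (assumed for the example) */
#define OPT_MAX_COUNT 4   /* options accepted per packet (assumed for the example) */

struct parsed_opt {
    uint8_t kind;
    uint8_t data_len;
    uint8_t data[OPT_MAX_DATA];
};

enum opt_status {
    OPT_OK            =  0,
    OPT_ERR_TRUNCATED = -1,   /* declared length runs past the end of the packet */
    OPT_ERR_BAD_LEN   = -2,   /* length smaller than its own header; would wrap or loop */
    OPT_ERR_TOO_LONG  = -3,   /* declared length exceeds the destination buffer */
    OPT_ERR_TOO_MANY  = -4    /* more options than the caller provided room for */
};

/* Walk a TLV option block. The two checks against buf_len and OPT_MAX_DATA are
   the bounds checks whose absence defines the vulnerability class: without them
   the memcpy below would read past the packet and write past out[n].data. */
int parse_options(const uint8_t *buf, size_t buf_len,
                  struct parsed_opt *out, size_t out_cap, size_t *out_count)
{
    size_t off = 0, n = 0;

    while (off < buf_len) {
        uint8_t kind = buf[off];
        if (kind == 0) break;                 /* end-of-options */
        if (kind == 1) { off++; continue; }   /* single-byte pad */

        if (off + 2 > buf_len) return OPT_ERR_TRUNCATED;   /* no room for the length byte */
        uint8_t len = buf[off + 1];
        if (len < 2) return OPT_ERR_BAD_LEN;               /* len - 2 would underflow */
        if (len > buf_len - off) return OPT_ERR_TRUNCATED; /* input bound */

        size_t data_len = len - 2;
        if (data_len > OPT_MAX_DATA) return OPT_ERR_TOO_LONG; /* output bound */
        if (n >= out_cap) return OPT_ERR_TOO_MANY;

        out[n].kind = kind;
        out[n].data_len = (uint8_t)data_len;
        memcpy(out[n].data, buf + off + 2, data_len);  /* safe: both bounds verified */
        n++;
        off += len;
    }
    *out_count = n;
    return OPT_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t SAMPLE_GOOD[]     = {2, 4, 0x05, 0xB4, 1, 3, 3, 7, 0};   /* two options, a pad, terminator */
static const uint8_t SAMPLE_OVERLONG[] = {2, 40, 0x05, 0xB4};                /* claims 40 bytes, packet has 4 */
static const uint8_t SAMPLE_BAD_LEN[]  = {2, 1, 0x05};                       /* length below header size */
static const uint8_t SAMPLE_TOO_WIDE[] = {3, 14, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}; /* fits packet, not buffer */

/* Parse one sample into a fixed-size table; returns the status and option count. */
int run_sample(const uint8_t *buf, size_t len, size_t *count)
{
    struct parsed_opt opts[OPT_MAX_COUNT];
    *count = 0;
    return parse_options(buf, len, opts, OPT_MAX_COUNT, count);
}

int main(void)
{
    size_t count;
    printf("good:      status %d, %zu options\n", run_sample(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &count), count);
    printf("overlong:  status %d\n", run_sample(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, &count));
    printf("bad len:   status %d\n", run_sample(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, &count));
    printf("too wide:  status %d\n", run_sample(SAMPLE_TOO_WIDE, sizeof SAMPLE_TOO_WIDE, &count));
    return 0;
}
```

The order of the checks matters: the length is compared to the remaining input before it is used to derive data_len, and data_len is compared to the destination capacity before the copy, so a value chosen by the sender can never steer either the read or the write outside the buffers the stack owns. Each rejected packet returns a distinct status, which is also what a detection pipeline wants to count.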
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0239

Write-up by: Gaurav Bajpai