Advertisement






Microsoft Windows DHCP Client Service Remote Buffer Overflow

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006070052

Below is a copy:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Window
s_DHCP_Client_Service_Remote_Buffer_Overflow.pdf )

CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: Microsoft Windows DHCP Client Service Remote Buffer Overflow
==================

Vulnerability Class: Buffer Overflow
====================

Release Date: 07/11/2006
=============

Affected Platforms:
===================
* Microsoft Windows 2000 (<= SP4)
* Microsoft Windows XP (<= SP2)
* Microsoft Windows 2003 (<= SP1)

Local / Remote: Remote
===============

Severity: High
=========

Author:  Mariano Nu&ntilde;ez Di Croce
=======

Vendor Status:
==============
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
==========================
A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service.

Technical Details:
==================
Technical details will be released 30 days after publication of this pre-advisory.
This was agreed upon with Microsoft to allow their customers to upgrade affected software prior to technical knowledge been publicly available.

Impact:
=======
Exploiting this vulnerability, an attacker would be able to execute code remotely with SYSTEM privileges over DHCP-enabled Microsoft Windows systems.

Solutions:
==========
Microsoft has released a hotfix to address this vulnerability.
Customers should apply the hotfix immediately or upgrade their systems through Microsoft Windows Update system.

Vendor Response:
================
* 12/26/2005: Initial Vendor Contact.
* 01/19/2006: Vendor Confirmed Vulnerability.
* 07/11/2006: Vendor Releases Update.
* 07/11/2006: Pre-Advisory Public Disclosure.

Contact Information:
====================
For more information regarding the vulnerability feel free to contact
the author at mnunez {at} cybsec.com.

For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems

- --
- ------------------------------
Mariano Nu&ntilde;ez Di Croce

CYBSEC S.A. Security Systems
Email: mnunez (at) cybsec (dot) com [email concealed]
Tel/Fax: (54-11) 4382-1600
Web: http://www.cybsec.com
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x26B20899
- ------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEs+e0bbZGNCayCJkRAtxlAJ4r6zKhP2Uv/Tq8YOoAErDXn9lc8wCfcy8W
EMk1oIYCbhnNnm1PlElLpi8=
=3ZFG
-----END PGP SIGNATURE-----

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum