SANS ISC: MS06-036 - unchecked buffer Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) - SANS Internet Storm Center


MS06-036 has been issued. Microsoft says the systems "primarily" at risk are Microsoft Windows 2000, Windows XP and Windows Server 2003.

"How could an attacker exploit the vulnerability?
An attacker could exploit the vulnerability by answering a client's DHCP request on the local subnet with malformed packets."

"Could the vulnerability be exploited over the Internet?
An attacker could try to exploit this vulnerability over the Internet."

"Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, however the vulnerability is not critical."

CVE-2006-2372

Patrick
