Content
Microsoft Windows Internet Connection Sharing Denial-of-Service
- Type
- Buffer Overflow
- Impact of exploitation
- Denial of Service
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- Medium
- CVE reference
- CVE-2006-5614,
- Vendor Status
- Unacknowledged
- Vulnerable systems
- Windows XP SP2,
- Summary
- A vulnerability exists in Microsoft Windows XP that may allow for remote denial of service (DoS) attacks. This may be exploited by local attackers sending malicious traffic.
Tab Navigation
Description
Windows XP is a popular office and home operating system developed by Microsoft. A vulnerability exists in Microsoft Windows XP that may allow for remote denial-of-service (DoS) attacks. This vulnerability is exposed only if Internet Connection Sharing (ICS) is enabled in Windows. If ICS is enabled, then an attacker on the local network could send a vulnerable computer a malicious, specially-crafted DNS query that would crash the ICS service. This query exploits a NULL-pointer dereferencing error in Windows NAT Helpers Components, ipnathlp.dll.
McAfee Product Mitigation & Recommendations
Recommendations
McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time.
McAfee Product Mitigation
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- [0day] IPNATHLP.DLL Malformed DNS Denial of Service
- Signature identifier:
- 3780
- Release date:
- 11/14/2006
- First released in:
- security content 739
Additional Resources
Remote DoS released targets Windows Firewall/Internet Connection Sharing (ICS) service component (NEW)
http://isc.sans.org/diary.php?storyid=1809
Microsoft Windows Internet Connection Sharing Denial of Service
All Information
Timeline -
10/30/2006
Vulnerability information has been publicly disclosed.
10/30/2006
Exploit code has been released.
10/29/2006
Vulnerability information has been publicly disclosed.
10/28/2006
Exploit code has been released.
Description -
Windows XP is a popular office and home operating system developed by Microsoft. A vulnerability exists in Microsoft Windows XP that may allow for remote denial-of-service (DoS) attacks. This vulnerability is exposed only if Internet Connection Sharing (ICS) is enabled in Windows. If ICS is enabled, then an attacker on the local network could send a vulnerable computer a malicious, specially-crafted DNS query that would crash the ICS service. This query exploits a NULL-pointer dereferencing error in Windows NAT Helpers Components, ipnathlp.dll.
McAfee Product Mitigation & Recommendations
Recommendations -
McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time.
McAfee Product Mitigation
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- [0day] IPNATHLP.DLL Malformed DNS Denial of Service
- Signature identifier:
- 3780
- Release date:
- 11/14/2006
- First released in:
- security content 739
Additional Resources
Additional Resources -
Remote DoS released targets Windows Firewall/Internet Connection Sharing (ICS) service component (NEW)
http://isc.sans.org/diary.php?storyid=1809
