AnsweredAssumed Answered

Microsoft Windows IPv6 Protocol Stack Network Discovery Design Error Vulnerability - Zero Day

Question asked by zentiva on Apr 21, 2011
Latest reply on Aug 16, 2013 by Qualys Boss

Hello,


Does anyone have experience with this vulnerability? I know that this is a "zero day" vulnerability, Microsoft has yet to release a patch. But what can we do about it?


M.

 

(severity 3) Microsoft Windows IPv6 Protocol Stack Network Discovery Design Error Vulnerability - Zero Day

QID: 118925
Category: Local
CVE ID: CVE-2010-4669
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/20/2011
User Modified: -
Edited: No
PCI Vuln: No

 

THREAT:
Microsoft Windows is prone to a denial of service vulnerability.
A design error vulnerability exists in the IPv6 protocol stack as implemented in various Windows operations systems. Specifically, the protocol stack
fails to handle many Router Advertisement messages with different sources.

 

Affected Versions:
Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7

 

IMPACT:
If this vulnerability is successfully exploited, attackers can cause a denial of service on the targeted host.

 

SOLUTION:
There are no vendor-supplied patches available at this time.

 

COMPLIANCE:
Not Applicable

 

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

 

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

 

RESULTS:
Microsoft Windows IPv6 Protocol Stack Network Discovery Design Error DoS Vulnerability Detected.

Outcomes