>> Microsoft Windows Routing and Remote Access Code Execution Issues (MS06-025)
Title : Microsoft Windows Routing and Remote Access Code Execution Issues (MS06-025) VUPEN ID : VUPEN/ADV-2006-2323 CVE ID : CVE-2006-2370 - CVE-2006-2371
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-06-13
Technical Description
Two vulnerabilities have been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. These flaws are due to buffer overflow errors in the Routing and Remote Access service that does not properly handle malformed messages, which could be exploited by remote attackers to execute arbitrary commands by sending a specially crafted request toa vulnerable system.
On Windows XP Service Pack 2 and Windows Server 2003 systems, an attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Note : A fully functional remote code execution exploit has been released.
Credits Vulnerabilities reported by Peter Winter-Smith and the vendor
ChangeLog 2006-06-13 : Initial release
2006-06-22 : Exploit Available
2006-06-24 : Microsoft Security Advisory (921923) Released Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
