Windows Vista ARP Entry Denial of Service Vulnerability

  
        

Affected Systems:
Microsoft Windows XP
Microsoft Windows Vista

Description:
BUGTRAQ ID: 23266
CVE(CAN) ID: CVE-2007-1531

Windows Vista's handling of ARP requests contains a vulnerability that remote attackers could exploit to make the system's network communication unstable or to hijack it.

If an attacker can forge an ARP message so that another host appears to have the same IPv4 address as the Vista host, receiving that message makes the network card unstable. In addition, Vista allows unsolicited ARP messages to update existing ARP entries, which can cause a denial of service or redirect communication. The NIC must be restarted manually to resume normal operation.

<*Source: Dr. James Hoagland
Matt Conover ([email protected])
Tim Newsham ([email protected])
Kristian Hermansen

Link: http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.h
*>

Test Method:
Warning: The following programs (methods) may be offensive and are intended for security research and teaching purposes only. Use at your own risk!

http://www.milw0rm.com/exploits/3926

Recommendation:
Vendor Patch:

Microsoft
---------
Users of this software are advised to keep an eye on the vendor's homepage for the latest version:

http://www.microsoft.com/technet/security/
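The two conditions in the description (another sender claiming the host's own IPv4 address, and an unsolicited ARP message changing an existing entry) can be watched for from the defender's side. The following is an added example, not code from the advisory or from Microsoft: a passive monitor that parses Ethernet/IPv4 ARP frames, keeps the existing binding when an unsolicited message tries to change it, and reports both conditions. The class and function names, the addresses and the sample frames are all constructed for illustration.

```python
import struct

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet hardware, IPv4 protocol
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpMonitor:
    """Tracks IP-to-MAC bindings for one host and flags the two conditions in the advisory."""
    def __init__(self, local_ip, local_mac):
        self.local_ip, self.local_mac = local_ip, local_mac
        self.bindings = {}     # ip -> mac currently trusted
        self.pending = set()   # IPs this host has an outstanding ARP request for

    def sent_request(self, ip):
        self.pending.add(ip)

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        op, mac, ip = parsed
        if ip == self.local_ip and mac != self.local_mac:
            return ("address-conflict", ip, mac)        # another sender claims our IPv4 address
        if op == 2 and ip in self.pending:              # reply to a request we actually sent
            self.pending.discard(ip)
            self.bindings[ip] = mac
            return None
        if self.bindings.get(ip, mac) != mac:
            return ("unsolicited-overwrite", ip, mac)   # existing entry is kept, not replaced
        self.bindings.setdefault(ip, mac)
        return None

def build_arp(op, sha, spa, tha, tpa):
    """Construct a 42-byte Ethernet/ARP frame; used only to make the sample input below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (mac(tha) + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def demo():
    # Constructed sample: documentation-range IPs and locally administered MACs.
    me, gw, other = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
    mon = ArpMonitor("192.0.2.10", me)
    mon.sent_request("192.0.2.1")
    frames = [build_arp(2, gw, "192.0.2.1", me, "192.0.2.10"),      # solicited reply
              build_arp(2, other, "192.0.2.1", me, "192.0.2.10"),   # unsolicited, changes entry
              build_arp(2, other, "192.0.2.10", me, "192.0.2.10")]  # claims our own address
    return [mon.observe(f) for f in frames], mon.bindings
```

In the sample run the gateway entry learned from the solicited reply is still in place after the other two frames, and each of those frames produces one alert.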
