=====================================================================
                          CERT-Renater
               Information Note No. 2006/VULN324
_____________________________________________________________________

DATE                 : 14/06/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS06-025 - Vulnerability in Routing and Remote Access Could Allow
Remote Code Execution (911280)

Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
  Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003
  Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and
  Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:

- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
  and Microsoft Windows Millennium Edition (Me)

Full MS06-025 advisory:
http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx

Vulnerability Details

RRAS Memory Corruption Vulnerability - CVE-2006-2370 and
RASMAN Registry Corruption Vulnerability - CVE-2006-2371

There is a remote code execution vulnerability in the Routing and
Remote Access Service that could allow an attacker who successfully
exploited this vulnerability to take complete control of the affected
system.

On Windows 2000 Service Pack 4 and Windows XP Service Pack 1, any
anonymous user who could deliver a specially crafted message to the
affected system could try to exploit this vulnerability. In order to
exploit the vulnerability on Windows XP Service Pack 2 and Windows
Server 2003, an attacker must have valid login credentials to a
target system.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================