=====================================================================
                             CERT-Renater
                 Information Note No. 2006/VULN331
_____________________________________________________________________

DATE                 : 14/06/2006
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows 2000, Windows XP, Windows Server 2003.
======================================================================

MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution
(917953)

Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
  Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003
  Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and
  Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:

- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
  and Microsoft Windows Millennium Edition (Me)

Full MS06-032 advisory:
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx

Vulnerability Details

IP Source Route Vulnerability - CVE-2006-2379

There is a remote code execution vulnerability in the TCP/IP Protocol
driver that could allow an attacker who successfully exploited this
vulnerability to take complete control of the affected system. Any
anonymous user who could deliver a specially crafted message to the
affected system could try to exploit this vulnerability. Machines on
which Routing and Remote Access has been enabled are primarily at risk
from this vulnerability.
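
An added example, not part of the Microsoft bulletin or the CERT-Renater note: a defender-side check that flags IPv4 packets carrying a source-route option, for use on captured traffic. The option type values come from RFC 791; find_source_route, build_packet and the sample packets are constructed for illustration. The note does not describe the crafted message, so this reports the presence and basic consistency of the option only.

```python
import struct

# IPv4 option types from RFC 791 (protocol constants, not values from the advisory).
SOURCE_ROUTE_OPTS = {0x83: "LSRR", 0x89: "SSRR"}

def find_source_route(packet: bytes):
    """Return [(option_name, issue)] for source-route options in a raw IPv4 packet.

    issue is None when the option is well formed, else a short description.
    Raises ValueError when the buffer is not a parseable IPv4 header.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IPv4 header length")
    opts, i, found = packet[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation is a single byte
            i += 1
            continue
        name = SOURCE_ROUTE_OPTS.get(kind)
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            if name:
                found.append((name, "bad option length"))
            break                          # cannot walk past a bad length
        if name:
            pointer = opts[i + 2] if length >= 3 else 0
            ok = length >= 3 and (length - 3) % 4 == 0 and pointer >= 4
            found.append((name, None if ok else "inconsistent length/pointer"))
        i += length
    return found

def build_packet(options: bytes) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) carrying `options`."""
    options += b"\x00" * (-len(options) % 4)
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options

if __name__ == "__main__":
    samples = {"plain": b"", "lsrr": bytes([0x83, 7, 4, 203, 0, 113, 9]),
               "ssrr-bad-len": bytes([0x89, 40, 4, 0])}
    for label, opt in samples.items():
        print(label, find_source_route(build_packet(opt)))
```
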
======================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================