Saturday, 28 October 2006

Internet Connection Sharing DoS

Vendor:: Microsoft
Application:: Windows
Disclosed:: 28-10-06
Description:: Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
Exploit:: Remote Shutdown of Windows Firewall from LAN
This vulnerability allows for the remote shutdown of the Windows firewall from the LAN side.
This vulnerability cannot be exploited across the Internet (WAN) side of the network.
Prevention:: Disable the Internet Connection Sharing service, or block udp/53 on the host running ICS.
First Public PoC Code Disclosure (Denial of Service)

