Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
BID:23266
Info
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
| Bugtraq ID: | 23266 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-1531 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2007 12:00AM |
| Updated: | Oct 01 2007 08:49PM |
| Credit: | Dr. James Hoagland, Matt Conover, Tim Newsham and Ollie Whitehouse are credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Windows Vista December CTP Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise Microsoft Windows Vista Business Microsoft Windows Vista beta 2 Microsoft Windows Vista Beta 1 Microsoft Windows Vista Beta Microsoft Windows Vista 0 Microsoft Windows Server 2008 Enterprise Edition Release Candidate Microsoft Windows Server 2008 Datacenter Edition Release Candidate |
| Not Vulnerable: | |
Discussion
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
Microsoft Windows Vista is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue by submitting malicious ARP requests to the vulnerable computer. To exploit this issue, attackers must have access to the local network segment of a target computer.
Remote attackers can exploit this issue to cause the network interface to stop responding, denying further service to legitimate users.
Microsoft Windows Vista is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue by submitting malicious ARP requests to the vulnerable computer. To exploit this issue, attackers must have access to the local network segment of a target computer.
Remote attackers can exploit this issue to cause the network interface to stop responding, denying further service to legitimate users.
Exploit / POC
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
An attacker may exploit this issue using readily available network tools.
The following proof of concept is available:
An attacker may exploit this issue using readily available network tools.
The following proof of concept is available:
Solution / Fix
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- Windows Server 2008 Product Page (Microsoft)
- Windows Vista Network Attack Surface Analysis (Symantec)