MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
High Nessus Plugin ID 48295
SynopsisThe remote host has multiple vulnerabilities in its TCP/IP implementation.
DescriptionThe TCP/IP stack installed on the remote Windows host is affected by one or more of the following vulnerabilities :
- An error exists in the Windows TCP/IP stack when processing specially crafted IPv6 packets with a malformed extension header that could cause the affected system to stop responding if IPv6 features are enabled, which is true by default in Windows Vista and 2008. (CVE-2010-1892)
- The Windows TCP/IP stack fails to properly handle data copied from user mode, which could result in an integer overflow and allow a local attacker to run arbitrary code with system-level privileges. (CVE-2010-1892)
SolutionMicrosoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.