Microsoft Windows Internet Connection Sharing Denial of Service Date: Wednesday, November 01, 2006 @ 01:05:21 CST Topic: Security SECUNIA ADVISORY ID: SA22592 VERIFY ADVISORY: http://secunia.com/advisories/22592/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Microsoft Windows XP Home Edition - http://secunia.com/product/16/ Microsoft Windows XP Professional - http://secunia.com/product/22/ DESCRIPTION: h07 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in Windows NAT Helper Components (ipnathlp.dll). This can be exploited to crash the service via a specially crafted DNS query. Successful exploitation requires that Internet Connection Sharing is enabled and the query is received from a client on the shared network interface. The vulnerability is confirmed in a fully patched Windows XP SP2 system. Other versions may also be affected. SOLUTION: Use another way of sharing the Internet connection. PROVIDED AND/OR DISCOVERED BY: h07 ORIGINAL ADVISORY: http://milw0rm.com/exploits/2672 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2484