• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

IGMP (Internet Group Management Protocol) is a communications protocol for managing IP multicast-group memberships. MLD (Multicast Listener Discovery) is the protocol used in the IPv6 protocol suite for discovering listeners for a specific multicast group.

Microsoft Windows is prone to a remote buffer-overflow vulnerability because the Windows kernel fails to sufficiently validate user-supplied data when storing the state of IGMPv3 and MLDv2 requests that are processed by TCP/IP. Specifically, the issue affects the 'tcpip.sys' driver and the way it handles SSM (Source Specific Multicast) timers.

To leverage this issue, attackers submit specially crafted IGMPv3 or MLDv2 requests to vulnerable computers.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will likely result in a bugcheck and denial-of-service conditions.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003. However, the default installations of Microsoft Windows Small Business Server 2003 and Microsoft Windows Home Server are affected by this vulnerability because IGMP is active by default.

Affected Products:

• HP Storage Management Appliance 2.1
• Microsoft Small Business Server 2003 0.0.0
• Microsoft Small Business Server 2003 Premium Edition 0.0.0
• Microsoft Small Business Server 2003 R2
• Microsoft Small Business Server 2003 R2 SP2
• Microsoft Small Business Server 2003 SP2
• Microsoft Windows Home Server
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Vista Business
• Microsoft Windows Vista Business 64-bit edition
• Microsoft Windows Vista Enterprise
• Microsoft Windows Vista Enterprise 64-bit edition
• Microsoft Windows Vista Home Basic
• Microsoft Windows Vista Home Basic 64-bit edition
• Microsoft Windows Vista Home Premium
• Microsoft Windows Vista Home Premium 64-bit edition
• Microsoft Windows Vista Ultimate
• Microsoft Windows Vista Ultimate 64-bit edition
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Embedded
• Microsoft Windows XP Embedded SP1
• Microsoft Windows XP Home
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Tablet PC Edition
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2

References:

• Avaya Inc.: ASA-2008-019: MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code
• IBM: Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilit
• Microsoft: Microsoft Security Bulletin MS08-001
• Microsoft: Microsoft Windows Homepage
• Security Vulnerability Research & Defense: MS08-001 (part 3) – The case of the IGMP network critical
• Security Vulnerability Research & Defense: MS08-001 - The case of the Moderate, Important, and Critical network vulnerabili
• US-CERT: Vulnerability Note VU#115083 Microsoft Windows IGMPv3 and MLDv2 processing vulne

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.