Re: Microsoft VISTA TCP/IP stack buffer overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft VISTA TCP/IP stack buffer overflow
From: dale@xxxxxxxxxxx
Date: 25 Nov 2008 20:24:24 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

So, let me try and understand this.

According to what you have written, and the MSDN documentation on this 
CreateIpForwardEntry2 call, you need to be (at least) a member of the 
Administrators group.

So how is this "security vulnerability" any different to me creating a program, 
which will require the same Administrative rights, to say, wipe the boot 
configuration file?

Follow-Ups:
- Re: Microsoft VISTA TCP/IP stack buffer overflow
  - From: Edi Strosar

Prev by Date: [security bulletin] HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution
Next by Date: RSA EnVision Remote Password Disclosure
Previous by thread: Microsoft VISTA TCP/IP stack buffer overflow
Next by thread: Re: Microsoft VISTA TCP/IP stack buffer overflow
Index(es):
- Date
- Thread