Sumit Gwalani

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to insufficient bounds checking when processing specially crafted ICMPv6 Router Advertisement packets. This allows an anonymous attacker to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling IPv6 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to improper handling of local fragmentation of Encapsulating Security Payload (ESP) over UDP packets when a custom network driver is used. This allows remote attackers to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. As a temporary workaround, consider disabling custom network drivers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** The issue arises from insufficient bounds checking in the TCP/IP implementation when processing specially crafted ICMPv6 Route Information packets, allowing remote attackers to execute arbitrary code. This could enable an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. As a temporary workaround, consider disabling IPv6 on affected systems until a patch is available.