CVE-2006-0021

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP1 through SP2 Microsoft Windows Server 2003 versions up to SP1

Description: A denial of service issue exists, allowing remote attackers to cause the system to hang via an IGMP packet with an invalid IP option. An attacker could send a specially crafted IGMP packet to the affected system, causing it to stop responding.

Recommendations: For Microsoft Windows XP versions SP1 through SP2, apply the necessary configuration changes to restrict the handling of IGMP packets. For Microsoft Windows Server 2003 versions up to SP1, restrict access to the system to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the handling of IGMP v3 packets until a patch is available.