PT-2007-1940 · Cisco · Cisco IOS XR +1
Ryan Giobbi · Published 2007-01-24 · Updated 2017-10-11 · CVE-2007-0480
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 9.x through 12.x
Cisco IOS XR versions 2.0.x through 3.2.x
Description
The issue allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header of an (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. Processing one of these packets with the crafted IP option in its IP header may allow arbitrary code execution. No other IP protocols are affected by this issue.
Recommendations
For Cisco IOS versions 9.x through 12.x, update to a version that includes the fix for this issue.
For Cisco IOS XR versions 2.0.x through 3.2.x, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the processing of ICMP, PIMv2, PGM, and URD packets containing crafted IP options in the IP header until a patch is available.
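To find traffic the workaround would restrict, the sketch below (an added example, not part of the advisory or any Cisco tooling) parses raw IPv4 packets and reports those of the four named protocols that carry any IP option, since the page does not say which option is the crafted one. The IANA protocol numbers and the TCP port 465 mapping for URD are assumptions not stated on this page, and `build` only constructs sample packets for offline testing.

```python
import struct

# IANA IP protocol numbers for three of the protocols the advisory names.
WATCHED = {1: "ICMP", 103: "PIMv2", 113: "PGM"}
TCP, URD_PORT = 6, 465  # assumption: URD traffic is TCP to port 465 (not stated on the page)

def option_types(opts):
    """Walk the IPv4 options area and return the option type bytes found."""
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            found.append("malformed")   # length byte missing or out of bounds
            break
        found.append(kind)
        i += opts[i + 1]
    return found

def classify(packet):
    """Return (protocol, option types) for a watched packet with IP options, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl <= 20 or len(packet) < ihl:   # no options area, or truncated header
        return None
    proto, name = packet[9], WATCHED.get(packet[9])
    if name is None and proto == TCP and len(packet) >= ihl + 4:
        if struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] == URD_PORT:
            name = "URD"
    return (name, option_types(packet[20:ihl])) if name else None

def build(proto, options=b"", payload=b""):
    """Constructed sample IPv4 packet for offline testing (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)     # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                         0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload

# Constructed option: Record Route (type 7), length 7, pointer 4, one empty slot.
RECORD_ROUTE = bytes([7, 7, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    print(classify(build(1, RECORD_ROUTE, b"\x08\x00\x00\x00")))   # ICMP with an option
    print(classify(build(1, b"", b"\x08\x00\x00\x00")))            # ICMP, no options
```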
Affected Products
Cisco IOS
Cisco IOS XR