CVE-2008-5229

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions Gold and SP1

Description A stack-based buffer overflow issue exists in the Microsoft Device IO Control in iphlpapi.dll. This issue allows local users in the Network Configuration Operator group to potentially gain privileges or cause a denial of service, resulting in a system crash. The issue can be triggered by providing a large invalid PrefixLength to the CreateIpForwardEntry2 method. An example of this is through the use of a "route add" command.

Recommendations For Microsoft Windows Vista versions Gold and SP1, consider restricting access to the Network Configuration Operator group to minimize the risk of exploitation. As a temporary workaround, avoid using the CreateIpForwardEntry2 method with large invalid PrefixLength values until a fix is available.