CVE-2009-1925

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2

Description: A remote code execution issue exists due to improper management of state information in the TCP/IP implementation. This allows remote attackers to execute arbitrary code by sending specially crafted TCP/IP packets to a listening service, causing the TCP/IP stack to misinterpret an unspecified field as a function pointer. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that properly cleans up state information in the TCP/IP stack. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that properly cleans up state information in the TCP/IP stack.