CVE-2010-1892

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 Microsoft Windows 7

Description A denial of service issue exists due to improper handling of malformed IPv6 packets by the TCP/IP stack. This allows remote attackers to cause a system hang via crafted packets. The issue arises from an error in processing specially crafted IPv6 packets with a malformed extension header. An attacker could exploit this by sending a small number of specially crafted packets, causing the system to stop responding.

Recommendations For Microsoft Windows Vista versions SP1 through SP2, update to a version that properly handles IPv6 packets to prevent the system hang. For Microsoft Windows Server 2008 versions Gold through R2, apply configuration changes to restrict the processing of malformed IPv6 packets. For Microsoft Windows 7, consider disabling IPv6 support until a patch is available to mitigate the risk of exploitation.