Vulnerability Description
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.htmlExploit
- http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.Exploit
- http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4
- http://www.securityfocus.com/bid/45760
- http://www.youtube.com/watch?v=00yjWB6gGy8Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64583
- http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.htmlExploit
- http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.Exploit
- http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4
- http://www.securityfocus.com/bid/45760
- http://www.youtube.com/watch?v=00yjWB6gGy8Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64583
FAQ
What is CVE-2010-4669?
CVE-2010-4669 is a vulnerability with a CVSS score of 7.8 (HIGH). The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a...
How severe is CVE-2010-4669?
CVE-2010-4669 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4669?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows Xp.