Oval Definition:	oval:org.mitre.oval:def:6340
Revision Date: 2009-10-19 Version: 21 Title: TCP/IP Zero Window Size Vulnerability Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2008-4609 Platform(s): Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Definition Synopsis Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed OR Windows XP SP2/SP3 Microsoft Windows XP (x86) SP2 is installed OR Microsoft Windows XP (x86) SP3 is installed OR Microsoft Windows XP x64 Edition SP2 is installed OR Windows Server 2003 X86/X64/IA64 SP2 OS section Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed AND vulnerable versions the version of Tcpip.sys is less than 5.2.3790.4573 OR The version of Tcpip6.sys is less than 5.2.3790.4573 OR Windows Vista x86/x64 OS section Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND The version of Tcpip.sys is less than 6.0.6000.16908 AND the version of Tcpip.sys is greater than or equal 6.0.6000.16000 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 OS section Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND The version of Tcpip.sys is less than 6.0.6001.18311 AND the version of Tcpip.sys is greater than or equal 6.0.6001.18000 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 OS section Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND The version of Tcpip.sys is less than 6.0.6002.18091 AND the version of Tcpip.sys is greater than or equal 6.0.6002.18000 OR Windows Vista x86/x64 OS section Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND The version of Tcpip.sys is less than 6.0.6000.21108 AND the version of Tcpip.sys is greater than or equal 6.0.6000.20000 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 OS section Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND The version of Tcpip.sys is less than 6.0.6001.22497 AND the version of Tcpip.sys is greater than or equal 6.0.6001.22000 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 OS section Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND The version of Tcpip.sys is less than 6.0.6002.22200 AND the version of Tcpip.sys is greater than or equal 6.0.6002.22000
BACK