Oval Definition:oval:org.mitre.oval:def:8400
Revision Date:2010-03-22Version:20
Title:Header MDL Fragmentation Vulnerability
Description:The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-0240
Platform(s):Microsoft Windows Server 2008
Microsoft Windows Vista
Product(s):
Definition Synopsis
  • Vulnerable Microsoft Windows Vista x86/x64 - GDR
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND The version of Tcpip.sys is less than 6.0.6000.16973
  • AND the version of Tcpip.sys is greater than or equal 6.0.6000.16000
  • OR Vulnerable Microsoft Windows Vista x86/x64 - LDR
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND The version of Tcpip.sys is less than 6.0.6000.21175
  • AND the version of Tcpip.sys is greater than or equal 6.0.6000.20000
  • OR Vulnerable Microsoft Windows Vista SP1 x86/x64, Server 2008 32bit/x64/ia64 - GDR
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND The version of Tcpip.sys is less than 6.0.6001.18377
  • AND the version of Tcpip.sys is greater than or equal 6.0.6001.18000
  • OR Vulnerable Microsoft Windows Vista SP1 x86/x64, Server 2008 32bit/x64/ia64 - LDR
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND The version of Tcpip.sys is less than 6.0.6001.22577
  • AND the version of Tcpip.sys is greater than or equal 6.0.6001.22000
  • OR Vulnerable Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 - GDR
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND The version of Tcpip.sys is less than 6.0.6002.18160
  • AND the version of Tcpip.sys is greater than or equal 6.0.6002.18000
  • OR Vulnerable Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 - LDR
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND The version of Tcpip.sys is less than 6.0.6002.22283
  • AND the version of Tcpip.sys is greater than or equal 6.0.6002.22000
    • BACK