Internet Protocol Helper API is Exploited on Windows Vista

SharePoint Blazing Stories

Windows Hot Stories

Related posts in Microsoft, News and Information, Windows

Phion published a proof of concept paper which shows how the Internet Protocol Helper API of Windows Vista can be exploited to trigger a stack buffer overflow which leads to the execution of random code.

Even though the Internet Protocol Helper API is also used by Windows NT and Windows XP, only Vista is affected specifically the Enterprise and Ultimate versions.

In an excerpt:

The Phion bulletin explicitly says that Windows XP, which also utilizes this API library, is not affected by this problem. The library in question has been in existence since Windows NT 4.0 Service Pack 4, and has been a regular component of successive versions since Windows 98.

Windows Vista was the first client operating system from Microsoft to support IPv6 protocol as a standard feature, although IPv6 remains an option for XP and older clients. It’s that distinction which leads to the Vista-specificity of this issue. The IP Helper API gives developers more direct access to the functions necessary for a Windows computer to utilize IP. So naturally, one of the functions included enables a program to establish an IP route for the local computer, and the original form of that function was called CreateIpForwardEntry.

Since the introduction of IPv6 as standard issue, the library had to offer an alternative way to phrase the forward route entry, though it had to also leave the earlier version of the function for backward compatibility. Thus the creation of CreateIpForwardEntry2, an API function that is only workable in Vista. An XP or older client would never make use of it, presumably even with IPv6 intentionally installed.

Thus the situation where the route add command, as Phion illustrated, can be gamed in such a way that it triggers a buffer overflow in Vista but not in XP. Evidently the command utilizes the older API function in XP, and the newer one in Vista.

The patch has not yet been made available by Microsoft despite over a month has gone since Phion first reported it on Oct. 22. Because of this, Phion has released their own hotfix which replaces Vista library.

I don’t think I would want to install a hotfix for a critical item from a third party unauthorized vendor. I would prefer to wait for Microsoft updates on this.

Permalink

Tuesday, November 25, 2008

Is this post helpful? Bookmark this post for your reference:

Featured Online Videos

Video on How to Guide: Make a quick launch bar in Windows 7

This is a video on making a quick launch bar in Windows 7.

Video description

The one thing I hate about windows 7 is the lack of the quick launch bar. I tried other bars like rocketbar and such but it just wasn’t the same. Then at work one day I came up with this great idea. check it out.

Online Videos

Featured Netbooks

Asus Eee PC 1000HE

Asus has announced their latest version of their revolutionary netbooks, the Asus Eee PC 1000HE. The current introductory prices is at $399 USD.

As of their press release:

ASUS Announces the Upgraded Eee PC 1000HE, Available Now for Pre-Order

– First netbook to feature Intel Atom N280 processor, the new Eee PC offers more power, 9.5 hours of battery life, and comfort and style –

FREMONT, CALIFORNIA (February 2, 2009)-ASUS, the innovator who revolutionized the mobile computing landscape with the original Eee PC netbook, today announces its most powerful and long-lasting Eee PC yet – the 1000HE. Available for pre-order from selected online E-tailers, the Eee PC 1000HE is the pinnacle of netbook computing, offering more power, longer battery life, increased comfort and legendary ASUS quality.

World’s First Atom N280 Netbook
With the extra power of the Intel Atom N280 processor, users will be able to boot faster, get work done quicker, and enjoy higher performance compared to other Atom N270-powered netbooks. The Eee PC 1000HE also features ASUS’ exclusive Super Hybrid Engine (SHE) technology, which can boost CPU speed for extra power or lower it to preserve battery life, all at the touch of a button.

Higher Density battery, New Keyboard
The Eee PC 1000HE is equipped with a high-density battery that, when combined with the Super Hybrid Engine, allows for an industry-leading 9.5 hours of battery life*. Using the Eee PC all-day has never been easier thanks to its bright 10” LED backlit display and new “chiclet” keyboard that allows for faster and more comfortable typing.

Wireless Internet and File Storage on-the-go
The Eee PC 1000HE comes with WiFi 802.11b/g/n network connectivity for ultimate wireless accessibility and mobility. Bluetooth v2.0 is also included for flexibility and convenience with any Bluetooth devices.

Additionally, the Eee PC 1000HE is outfitted with 170GB of Hybrid Storage – 160GB of internal hard disk drive and 10GB of file-encrypted Eee Online Storage. Users can store, share and access documents and multimedia easily on the move.

Pricing and Availability
The ASUS Eee PC 1000HE is available immediately for pre-order through the official ASUS Eee PC Group on Facebook at the following link: http://www.facebook.com/group.php?gid=6297967631. The introductory MSRP of the Eee PC 1000HE is $399 USD. For a limited time, an additional $25 instant discount will apply to the pre-orders. The Eee PC 1000HE will be available in both Fine Ebony Black and Blue in North America.

Estimated maximum battery life under Windows XP is measured with BatteryMark 4.0.1 (in Eee PC Super Hybrid Engine Power-Saving mode, 40% LCD brightness, Wi-Fi off, BT off, and camera disabled). Actual battery life may vary based on product settings, usage patterns and environmental conditions.