CVE-2008-5229 Information

Description

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method as demonstrated by a \route add\ command. NOTE: this issue might not cross privilege boundaries.

Reference

http://secunia.com/advisories/32791 http://securityreason.com/securityalert/4646 http://securitytracker.com/id?1021245 http://www.securityfocus.com/archive/1/498471/100/0/threaded http://www.securityfocus.com/archive/1/498650/100/0/threaded http://www.securityfocus.com/bid/32357 https://exchange.xforce.ibmcloud.com/vulnerabilities/46742