E19-0r8p1
CVSS: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
False Positive: t
Variants: 1
Year: 2019
Description
This strike reproduces an attack that exploits a buffer overflow vulnerability in the Microsoft Windows DHCP client.
The flaw results from a lack of field counting when parsing the 'Options' fields of a DHCP ACK packet, which allows memory areas to be overwritten.
By exploiting this bug, a remote attacker who controls a DHCP server may gain control of vulnerable Windows-based DHCP clients.