cbcvebase.
CVE-2006-0021
published 2006-02-14

CVE-2006-0021: Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP…

PriorityP346high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
62.88%
99.1th percentile
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

Affected

7 ranges
VendorProductVersion rangeFixed in
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server

Detection & IOCsextracted from sources · hover to see the quote

  • Detect IGMP packets with an invalid/oversized IP header length (IHL=7, indicating 28 bytes of IP header with malformed options) targeting Windows hosts — characteristic of the MS06-007 DoS trigger.
  • The exploit sends a raw IGMP packet using SOCK_RAW/IPPROTO_RAW with IP_HDRINCL set (setsockopt IP option 2), requiring Administrator/root privileges on the sending host — lateral movement or insider threat scenarios should be considered.
  • Affected targets are Windows XP SP1/SP2 and Windows Server 2003 up to SP1; any IGMP packet with an invalid IP option field received by these systems can cause a hang (kernel-level DoS).
  • ·The Windows Firewall must be disabled on the victim for the raw IGMP packet to be processed; environments with host-based firewalls enabled may not be vulnerable to remote exploitation.
  • ·The Linux-based PoC (exploit 1603) requires the attacker to run as root to open a raw socket (SOCK_RAW/IPPROTO_RAW); the Windows-based PoC (exploit 1599) requires Administrator rights on the sending system.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.