cbcvebase.
CVE-2006-5614
published 2006-10-31

CVE-2006-5614: Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a…

PriorityP423low2.6CVSS 2.0
AVNACHAuNCNINAP
EXPLOIT
EPSS
79.09%
99.5th percentile
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.

Detection & IOCsextracted from sources · hover to see the quote

filenameipnathlp.dll
  • Malformed DNS query with all-zero counts (Questions=0, Answer RRs=0, Authority RRs=0, Additional RRs=0) but with a trailing query body triggers the null pointer dereference in ipnathlp.dll. Detect UDP/53 packets with this header pattern directed at ICS-enabled hosts.
  • The exploit targets port 53 UDP on the ICS gateway (NAT helper). Anomalous DNS traffic to internal ICS gateway IPs with malformed zero-count headers should be flagged.
  • ·The vulnerability is only exploitable when Internet Connection Sharing (ICS) is enabled on the target Windows XP SP2 host. Systems without ICS enabled are not affected.
  • ·The attacker must be on the same local network segment as the ICS gateway (LAN-side), as the exploit targets the internal NAT interface IP (e.g., 192.168.0.1), not a public-facing address.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.