| VID |
28154 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Intel Wireless/PRO 2200/2915 driver, according to its version number, has the Remote Code Execution vulnerabilities. Intel Centrino 2200BG and 2915ABG PRO/Wireless Network Adapter versions prior to 10.5 with driver version 9.0.4.16 for Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in the Microsoft Windows w22n50.sys, w22n51.sys, w29n50.sys and w29n51.sys drivers when handling certain frames. If a remote attacker within transmitting range of an affected wireless adapter sends a specially crafted frame to that adapter, the attacker could exploit this vulnerability to execute arbitrary code on the affected host.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm
http://www.kb.cert.org/vuls/id/230208
http://www.frsirt.com/english/advisories/2006/3100
http://securitytracker.com/id?1016621
* Platforms Affected:
Intel PROSet/Wireless 2200BG versions 10.5 and earlier
Intel PROSet/Wireless 2915ABG versions 10.5 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest Intel PROSet version (10.5 driver version 9.0.4.16 or later), as listed in the Intel Support Solution ID: CS-023065 at http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm |
| Related URL |
CVE-2006-3992 (CVE) |
| Related URL |
19298 (SecurityFocus) |
| Related URL |
28208 (ISS) |
|
