Windows RRAS memory corruption vulnerability

Added: 06/30/2006
CVE: CVE-2006-2370
BID: 18325
OSVDB: 26437


The Routing and Remote Access Service (RRAS) allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator.


A buffer overflow in RRAS allows remote attackers to execute arbitrary commands.


Apply the patch referenced in Microsoft Security Bulletin 06-025.



The Remote Access Connection Manager service must be running in order for this exploit to succeed.

On Windows 2000, the Routing and Remote Access service must also be running and configured, and valid Windows login credentials are required. (Credentials are not required on Windows XP.)

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows 2000. These packages are available from


Windows 2000
Windows XP

Back to exploit index