Proof of Concept for MS05-019 available

There is now proof-of-concept code available for MS05-019 (Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)):
http://www.frsirt.com/exploits/20050417.ecl-winipdos.c.php
This one was actually interesting: an off-by-one error.
“When processing an IP packet with an option size (2nd byte after the option) of 39, it will crash – since the maximum available size is 40 for the whole IP options field, and two are already used:
[ OPT ] [ SIZE ] [ 38 more bytes ]
Checks are done to validate that the option-size field is less than 40, where a value less than !39! should be checked for validation.
Note that this doesn’t affect ALL options, and is also dependent upon the underlying protocol.”
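
An added example, not taken from the PoC or from Microsoft's code: a C validator that bounds each option's length byte by the bytes left in the options area rather than by the constant 40. It assumes the RFC 791 layout, where the length byte counts the type and length bytes themselves; the function name and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPOPT_EOL   0   /* End of Option List: one byte, no length field */
#define IPOPT_NOP   1   /* No Operation: one byte, no length field */
#define IP_MAX_OPTS 40  /* 60-byte maximum header minus 20-byte fixed part */

/* Returns 0 if every option fits inside the options area, -1 otherwise. */
int validate_ip_options(const uint8_t *opts, size_t opts_len)
{
    size_t off = 0;
    if (opts_len > IP_MAX_OPTS)
        return -1;
    while (off < opts_len) {
        uint8_t type = opts[off];
        size_t remaining = opts_len - off;
        if (type == IPOPT_EOL)
            return 0;
        if (type == IPOPT_NOP) {
            off++;
            continue;
        }
        /* A multi-byte option needs at least its type and length bytes. */
        if (remaining < 2)
            return -1;
        /* The length byte counts type + length + data, so it is >= 2 and
           bounded by the bytes remaining here, not by the constant 40. */
        uint8_t len = opts[off + 1];
        if (len < 2 || len > remaining)
            return -1;
        off += len;
    }
    return 0;
}

/* Constructed samples (not captured traffic). */
static const uint8_t sample_ok[8] = {1, 7, 7, 4, 0, 0, 0, 0};
static const uint8_t sample_overrun[40] = {1, 1, 1, 1, 7, 39, 4};
static const uint8_t sample_zero_len[4] = {7, 0, 0, 0};

int main(void)
{
    printf("ok=%d overrun=%d zero_len=%d\n",
           validate_ip_options(sample_ok, sizeof sample_ok),
           validate_ip_options(sample_overrun, sizeof sample_overrun),
           validate_ip_options(sample_zero_len, sizeof sample_zero_len));
    return 0;
}
```

The second sample passes a plain "less than 40" test on its length byte but is rejected here because only 36 bytes remain at its offset.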

There is now PoC code for MS05-016, MS05-017, MS05-019, and MS05-020. The time for patching is now.