Critical analysis of CVE-2024-38063 : the Microsoft IPv6-vulnerability

Kerutt, Bennet; Lorenz, Bastian; Schwarz, Monina; Kaven, Sascha; Skwarek, Volker

doi:10.22032/dbt.67106

DC Element	Wert	Sprache
dc.contributor.author	Kerutt, Bennet	-
dc.contributor.author	Lorenz, Bastian	-
dc.contributor.author	Schwarz, Monina	-
dc.contributor.author	Kaven, Sascha	-
dc.contributor.author	Skwarek, Volker	-
dc.date.accessioned	2025-09-30T07:40:07Z	-
dc.date.available	2025-09-30T07:40:07Z	-
dc.date.issued	2025-08-29	-
dc.identifier.uri	https://hdl.handle.net/20.500.12738/18242	-
dc.description.abstract	CVE-2024-38063 was claimed to be a critical remote code execution vulnerability in the Microsoft Windows IPv6 stack due to an integer underflow and heap-based buffer overflow. This paper analyzes the vulnerability's root cause, demonstrates a proof-of-concept exploit, and evaluates its reproducibility under various patch levels. The analysis highlights the implications of a conditional patch rollback mechanism and discusses mitigation strategies. Additionally, it recalculates the CVSS score basing on these findings.	en
dc.language.iso	en	en_US
dc.publisher	Technische Universität Ilmenau ; Universitätsbibliothek Ilmenau, ilmedia	en_US
dc.subject.ddc	004: Informatik	en_US
dc.title	Critical analysis of CVE-2024-38063 : the Microsoft IPv6-vulnerability	en
dc.type	inProceedings	en_US
dc.relation.conference	International Conference on Networked Systems 2025	en_US
dc.description.version	PeerReviewed	en_US
local.contributorPerson.editor	Koldehofe, Boris	-
local.contributorPerson.editor	Klingler, Florian	-
local.contributorPerson.editor	Sommer, Christoph	-
local.contributorPerson.editor	Hummel, Karin Anna	-
local.contributorPerson.editor	Amthor, Peter	-
tuhh.container.endpage	8	en_US
tuhh.container.startpage	5	en_US
tuhh.oai.show	true	en_US
tuhh.publication.institute	Forschungs- und Transferzentrum CyberSec	en_US
tuhh.publication.institute	Department Wirtschaftsingenieurwesen	en_US
tuhh.publication.institute	Fakultät Life Sciences	en_US
tuhh.publisher.doi	10.22032/dbt.67106	-
tuhh.relation.ispartofseries	Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025) : Technische Universität Ilmenau, 1-4 September 2025	en_US
tuhh.type.opus	InProceedings (Aufsatz / Paper einer Konferenz etc.)	-
dc.type.casrai	Conference Paper	-
dc.type.dini	contributionToPeriodical	-
dc.type.driver	contributionToPeriodical	-
dc.type.status	info:eu-repo/semantics/publishedVersion	en_US
dcterms.DCMIType	Text	-
local.comment.external	article number: 110	en_US
item.languageiso639-1	en	-
item.tuhhseriesid	Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025) : Technische Universität Ilmenau, 1-4 September 2025	-
item.creatorGND	Kerutt, Bennet	-
item.creatorGND	Lorenz, Bastian	-
item.creatorGND	Schwarz, Monina	-
item.creatorGND	Kaven, Sascha	-
item.creatorGND	Skwarek, Volker	-
item.cerifentitytype	Publications	-
item.openairecristype	http://purl.org/coar/resource_type/c_5794	-
item.creatorOrcid	Kerutt, Bennet	-
item.creatorOrcid	Lorenz, Bastian	-
item.creatorOrcid	Schwarz, Monina	-
item.creatorOrcid	Kaven, Sascha	-
item.creatorOrcid	Skwarek, Volker	-
item.fulltext	No Fulltext	-
item.grantfulltext	none	-
item.openairetype	inProceedings	-
item.seriesref	Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025) : Technische Universität Ilmenau, 1-4 September 2025	-
crisitem.author.dept	Department Wirtschaftsingenieurwesen	-
crisitem.author.dept	Department Wirtschaftsingenieurwesen	-
crisitem.author.orcid	0009-0001-0498-4460	-
crisitem.author.orcid	0000-0002-7260-6832	-
crisitem.author.orcid	0000-0001-5065-1029	-
crisitem.author.parentorg	Fakultät Life Sciences	-
crisitem.author.parentorg	Fakultät Life Sciences	-
Enthalten in den Sammlungen:	Publications without full text