-{ Quote: "Summary
-----------------------------
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.

Affected Systems
-----------------------------

Using the sample program it was possible to verify this issue on following operating systems and configurations:

* Microsoft Windows Vista Enterprise 32 bit & 64 bit
* Microsoft Windows Vista Ultimate 32 bit & 64 bit

It is very likely that other versions of Windows Vista are affected by this issue.

This issue did not occur on Windows XP.

Installation of Service Pack 1 and/or security updates had no effect in regards to resolve the random crashes.

To execute either the sample program or the route-add command, the user has to be member of the Network Configuration Operators group or the Administrators group.

Since this buffer overflow overwrites kernel memory, it could be possible that members of the Network Configuration Operator group exploit this and take control over the operating system without any restriction.
" }-

http://www.securityfocus.com/archive/1/498471