{"id":96061,"date":"2019-08-02T07:21:24","date_gmt":"2019-08-02T14:21:24","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=96061"},"modified":"2025-05-29T03:29:20","modified_gmt":"2025-05-29T10:29:20","slug":"dhcp-client-remote-code-execution-vulnerability-demystified","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/","title":{"rendered":"DHCP Client Remote Code Execution Vulnerability Demystified"},"content":{"rendered":"<h2>CVE-2019-0547<\/h2>\n<p>CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets.<\/p>\n<p>This vulnerability allows remote code execution if the user tries to connect to a network with a rogue DHCP Server, hence making it a critical vulnerability.<\/p>\n<h2>DHCP protocol overview<\/h2>\n<p>DHCP is a client-server protocol used to dynamically assign IP address when a computer connects to a network. DHCP server listens on port 67 and is responsible for distributing IP addresses to DHCP clients and allocating TCP\/IP configuration to endpoints.<\/p>\n<p>The DHCP hand shake is represented below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96062\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/DHCP-handshake.png\" alt=\"\" width=\"729\" height=\"758\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-handshake.png 729w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-handshake-289x300.png 289w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-handshake-481x500.png 481w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-handshake-24x24.png 24w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/p>\n<p>During DHCP Offer and DHCP Ack, the packet contains all the TCP\/IP configuration information required for a client to join the network. The structure of a DHCP Ack packet is shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96063\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet.png\" alt=\"\" width=\"1761\" height=\"916\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet.png 1761w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet-300x156.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet-768x399.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet-1024x533.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-Ack-packet-961x500.png 961w\" sizes=\"auto, (max-width: 1761px) 100vw, 1761px\" \/><\/p>\n<p>The options field holds several parameters required for basic DHCP operation. One of the options in the Options field is Domain Search (type field is 119).<\/p>\n<h2>Domain Search Option field (RFC <a href=\"https:\/\/tools.ietf.org\/html\/rfc3397\">3397<\/a>)<\/h2>\n<p>This option is passed along with OFFER and ACK packets to the client to specify the domain search list used when resolving hostnames using DNS. The format of the DHCP option field is as follows:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96064\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/DHCP-option-field.png\" alt=\"\" width=\"1264\" height=\"263\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-option-field.png 1264w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-option-field-300x62.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-option-field-768x160.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/DHCP-option-field-1024x213.png 1024w\" sizes=\"auto, (max-width: 1264px) 100vw, 1264px\" \/><\/p>\n<p>To enable the searchlist to be encoded compactly, searchstrings in the searchlist are concatenated and encoded.<\/p>\n<p>A list of domain names, such as \u00a0www<a href=\"http:\/\/www.example.com\">.<\/a>example.com and dns.example.com are encoded thus:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96065\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/encoding.png\" alt=\"\" width=\"1691\" height=\"464\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/encoding.png 1691w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/encoding-300x82.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/encoding-768x211.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/encoding-1024x281.png 1024w\" sizes=\"auto, (max-width: 1691px) 100vw, 1691px\" \/><\/p>\n<h2>Vulnerability<\/h2>\n<p>There is a vulnerability in the DecodeDomainSearchListData function of dhcpcore.dll.<\/p>\n<p>The DecodeDomainSearchListData function decodes the encoded search list option field value. While decoding, the function calculates the length of the decoded domain name list and allocates memory and copies the decoded list.<\/p>\n<p>A malicious user can create an encoded search list, such that when DecodeDomainSearchListData function decodes, the resulting length is zero. This will lead to heapalloc with zero memory, resulting in an out-of-bound write.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96066\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/out-of-bound-write.png\" alt=\"\" width=\"1224\" height=\"309\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/out-of-bound-write.png 1224w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/out-of-bound-write-300x76.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/out-of-bound-write-768x194.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/out-of-bound-write-1024x259.png 1024w\" sizes=\"auto, (max-width: 1224px) 100vw, 1224px\" \/><\/p>\n<h2>Patch<\/h2>\n<p>The patch includes a check which ensures the size argument to HeapAlloc is not zero. If zero, the function exits.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96067\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/07\/HeapAlloc-check.png\" alt=\"\" width=\"1398\" height=\"653\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/HeapAlloc-check.png 1398w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/HeapAlloc-check-300x140.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/HeapAlloc-check-768x359.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/HeapAlloc-check-1024x478.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/07\/HeapAlloc-check-1070x500.png 1070w\" sizes=\"auto, (max-width: 1398px) 100vw, 1398px\" \/><\/p>\n<h2>Conclusion<\/h2>\n<p>A rogue DHCP server in the network can exploit this vulnerability, by replying to the DHCP request from the clients. This rogue DHCP server can also be a wireless access point which a user connects. Successful exploitation of this vulnerability can trigger a code execution in the client and take control of the system.<\/p>\n<p>McAfee NSP customers are protected from this attack by signature \u201c0x42602000\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for&#8230;<\/p>\n","protected":false},"author":910,"featured_media":95572,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[5002],"class_list":["post-96061","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog<\/title>\n<meta name=\"description\" content=\"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-02T14:21:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T10:29:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"974\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Bosco Sebastian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bosco Sebastian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\"},\"author\":{\"name\":\"Bosco Sebastian\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fa34211f16b6ccfeba39d2c969693ccb\"},\"headline\":\"DHCP Client Remote Code Execution Vulnerability Demystified\",\"datePublished\":\"2019-08-02T14:21:24+00:00\",\"dateModified\":\"2025-05-29T10:29:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\"},\"wordCount\":414,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\",\"name\":\"DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png\",\"datePublished\":\"2019-08-02T14:21:24+00:00\",\"dateModified\":\"2025-05-29T10:29:20+00:00\",\"description\":\"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png\",\"width\":974,\"height\":650,\"caption\":\"laptop with a glitching screen\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"DHCP Client Remote Code Execution Vulnerability Demystified\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fa34211f16b6ccfeba39d2c969693ccb\",\"name\":\"Bosco Sebastian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c800a46fa279d3908ffe8833409fe6a4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1a99a3fe5e99387ff53f1d11dd03e0dc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1a99a3fe5e99387ff53f1d11dd03e0dc?s=96&d=mm&r=g\",\"caption\":\"Bosco Sebastian\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/bosco-sebastian-74732636\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/bosco-sebastian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog","description":"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog","og_description":"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2019-08-02T14:21:24+00:00","article_modified_time":"2025-05-29T10:29:20+00:00","og_image":[{"width":974,"height":650,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png","type":"image\/png"}],"author":"Bosco Sebastian","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Bosco Sebastian","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/"},"author":{"name":"Bosco Sebastian","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fa34211f16b6ccfeba39d2c969693ccb"},"headline":"DHCP Client Remote Code Execution Vulnerability Demystified","datePublished":"2019-08-02T14:21:24+00:00","dateModified":"2025-05-29T10:29:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/"},"wordCount":414,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/","name":"DHCP Client Remote Code Execution Vulnerability Demystified | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png","datePublished":"2019-08-02T14:21:24+00:00","dateModified":"2025-05-29T10:29:20+00:00","description":"CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/06\/Picture1-2.png","width":974,"height":650,"caption":"laptop with a glitching screen"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dhcp-client-remote-code-execution-vulnerability-demystified\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"DHCP Client Remote Code Execution Vulnerability Demystified"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fa34211f16b6ccfeba39d2c969693ccb","name":"Bosco Sebastian","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c800a46fa279d3908ffe8833409fe6a4","url":"https:\/\/secure.gravatar.com\/avatar\/1a99a3fe5e99387ff53f1d11dd03e0dc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1a99a3fe5e99387ff53f1d11dd03e0dc?s=96&d=mm&r=g","caption":"Bosco Sebastian"},"sameAs":["https:\/\/www.linkedin.com\/in\/bosco-sebastian-74732636\/"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/bosco-sebastian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/910"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=96061"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96061\/revisions"}],"predecessor-version":[{"id":214714,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96061\/revisions\/214714"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/95572"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=96061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=96061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=96061"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=96061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}