CVE-2007-3681

The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

CVSS v2.0 6.6 MEDIUM

6.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 2.7 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
http://osvdb.org/37889
http://secunia.com/advisories/25982	Patch Vendor Advisory
http://securitytracker.com/id?1018350
http://www.securityfocus.com/archive/1/473270/100/0/threaded
http://www.securityfocus.com/archive/1/473297/100/0/threaded
http://www.securityfocus.com/archive/1/473301/100/0/threaded
http://www.securityfocus.com/bid/24829	Patch
http://www.vupen.com/english/advisories/2007/2468
http://www.winpcap.org/misc/changelog.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/35309
https://www.exploit-db.com/exploits/4165
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
http://osvdb.org/37889
http://secunia.com/advisories/25982	Patch Vendor Advisory
http://securitytracker.com/id?1018350
http://www.securityfocus.com/archive/1/473270/100/0/threaded
http://www.securityfocus.com/archive/1/473297/100/0/threaded
http://www.securityfocus.com/archive/1/473301/100/0/threaded
http://www.securityfocus.com/bid/24829	Patch
http://www.vupen.com/english/advisories/2007/2468
http://www.winpcap.org/misc/changelog.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/35309
https://www.exploit-db.com/exploits/4165

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:winpcap:winpcap:3.1:::::::*
	cpe:2.3:a:winpcap:winpcap:4.0:::::::*

History

21 Nov 2024, 00:33

Type	Values Removed	Values Added
References	~~() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550 -~~	() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550 -
References	~~() http://osvdb.org/37889 -~~	() http://osvdb.org/37889 -
References	~~() http://secunia.com/advisories/25982 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/25982 - Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1018350 -~~	() http://securitytracker.com/id?1018350 -
References	~~() http://www.securityfocus.com/archive/1/473270/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473270/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/473297/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473297/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/473301/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473301/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/24829 - Patch~~	() http://www.securityfocus.com/bid/24829 - Patch
References	~~() http://www.vupen.com/english/advisories/2007/2468 -~~	() http://www.vupen.com/english/advisories/2007/2468 -
References	~~() http://www.winpcap.org/misc/changelog.htm -~~	() http://www.winpcap.org/misc/changelog.htm -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35309 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35309 -
References	~~() https://www.exploit-db.com/exploits/4165 -~~	() https://www.exploit-db.com/exploits/4165 -

Information

Published : 2007-07-11 17:30

Updated : 2024-11-21 00:33

NVD link : CVE-2007-3681

Mitre link : CVE-2007-3681

CVE.ORG link : CVE-2007-3681

JSON object : View

Products Affected

winpcap

winpcap

CWE

NVD-CWE-Other

{"id": "CVE-2007-3681", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-11T17:30:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37889", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25982", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1018350", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473270/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473297/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473301/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24829", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2468", "source": "cve@mitre.org"}, {"url": "http://www.winpcap.org/misc/changelog.htm", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35309", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4165", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/37889", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25982", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1018350", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/473270/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/473297/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/473301/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24829", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2468", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.winpcap.org/misc/changelog.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35309", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4165", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters."}, {"lang": "es", "value": "El manejador IOCTL 9031 (BIOCGSTATS) del dispositivo controlador NPF.SYS en el WinPcap anterior al 4.0.1 permite a usuarios locales sobrescribir la memoria y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de par\u00e1metros Interrupt Request Packet (Irp) mal formados."}], "lastModified": "2024-11-21T00:33:48.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:winpcap:winpcap:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6238750-894A-4C83-9686-86364ADCF971"}, {"criteria": "cpe:2.3:a:winpcap:winpcap:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB92E2F4-FAB4-4E79-9EA3-BF3023898EC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.6 /10