CVE-2007-5756

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5756
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 Broken Link
http://secunia.com/advisories/27676 Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/26409 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018935 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/3835 Broken Link
http://www.winpcap.org/misc/changelog.htm Release Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:*
History

09 Feb 2024, 03:13

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link
References () http://secunia.com/advisories/27676 - Patch, Vendor Advisory () http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/26409 - () http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1018935 - () http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/3835 - () http://www.vupen.com/english/advisories/2007/3835 - Broken Link
References () http://www.winpcap.org/misc/changelog.htm - () http://www.winpcap.org/misc/changelog.htm - Release Notes
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry
CWE CWE-119 CWE-129
CPE cpe:2.3:a:winpcap:winpcap:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:*
Information

Published : 2007-11-14 01:46

Updated : 2024-02-09 03:13

NVD link : CVE-2007-5756

Mitre link : CVE-2007-5756

CVE.ORG link : CVE-2007-5756

JSON object : View

Products Affected

winpcap

  • winpcap
CWE
CWE-129

Improper Validation of Array Index