1. CVE-Search
  2. CVE-2007-0069
ID CVE-2007-0069
Summary Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-11-14T04:00:27.961-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Pooja Shetty
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
description Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
family windows
id oval:org.mitre.oval:def:5370
status accepted
submitted 2008-01-08T14:23:12
title Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability
version 47
refmap via4
bid 27100
cert TA08-008A
cert-vn VU#115083
hp
  • HPSBST02304
  • SSRT080003
iss 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
misc http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
sectrack 1019166
secunia 28297
vupen ADV-2008-0069
xf
  • win-ssm-igmp-bo(39452)
  • win-ssm-mld-bo(39453)
Last major update 16-10-2018 - 16:31
Published 08-01-2008 - 20:46
Last modified 16-10-2018 - 16:31
Back to Top