ID CVE-2007-0069
Summary Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_2003_server
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
CVSS
Base: 9.3 (as of 09-01-2008 - 11:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS08-001.NASL
description The remote version of Windows contains a version of the TCP/IP protocol that does not properly parse IGMPv3, MLDv2 and ICMP structure. An attacker may exploit these flaws to execute code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 29893
published 2008-01-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=29893
title MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
oval via4
accepted 2011-11-14T04:00:27.961-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Pooja Shetty
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
description Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
family windows
id oval:org.mitre.oval:def:5370
status accepted
submitted 2008-01-08T14:23:12
title Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability
version 41
refmap via4
bid 27100
cert TA08-008A
cert-vn VU#115083
hp
  • HPSBST02304
  • SSRT080003
iss 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
misc http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
ms MS08-001
sectrack 1019166
secunia 28297
vupen ADV-2008-0069
xf
  • win-ssm-igmp-bo(39452)
  • win-ssm-mld-bo(39453)
Last major update 28-03-2011 - 00:00
Published 08-01-2008 - 15:46
Last modified 16-10-2018 - 12:31
Back to Top