ID CVE-2007-3038
Summary The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
CVSS
Base: 7.8 (as of 16-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:N/A:N
oval via4
accepted 2007-08-20T08:04:39.445-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
definition_extensions
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
description The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
family windows
id oval:org.mitre.oval:def:1884
status accepted
submitted 2007-07-10T18:34:24
title Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability
version 66
refmap via4
bid 24779
bugtraq 20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface
cert TA07-191A
cert-vn VU#101321
confirm http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
hp SSRT071446
ms MS07-038
osvdb 35952
sectrack 1018354
secunia 26001
vupen ADV-2007-2480
xf win-vista-firewall-information-disclosure(35322)
vulnerable_product via4
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Last major update 16-10-2018 - 16:47
Published 10-07-2007 - 22:30
Back to Top