CVE-2007-3038 (GCVE-0-2007-3038)
Vulnerability from cvelistv5
Published
2007-07-10 22:00
Modified
2024-08-07 13:57
Severity ?
CWE
  • n/a
Summary
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
References
secure@microsoft.com http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
secure@microsoft.com http://osvdb.org/35952
secure@microsoft.com http://secunia.com/advisories/26001
secure@microsoft.com http://www.kb.cert.org/vuls/id/101321 US Government Resource
secure@microsoft.com http://www.securityfocus.com/archive/1/473294/100/0/threaded
secure@microsoft.com http://www.securityfocus.com/bid/24779
secure@microsoft.com http://www.securitytracker.com/id?1018354
secure@microsoft.com http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
secure@microsoft.com http://www.us-cert.gov/cas/techalerts/TA07-191A.html US Government Resource
secure@microsoft.com http://www.vupen.com/english/advisories/2007/2480
secure@microsoft.com https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
secure@microsoft.com https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
secure@microsoft.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884
af854a3a-2127-422b-91ae-364da2661108 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/35952
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26001
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/101321 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/473294/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24779
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1018354
af854a3a-2127-422b-91ae-364da2661108 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA07-191A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2480
af854a3a-2127-422b-91ae-364da2661108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT071446",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
          },
          {
            "name": "win-vista-firewall-information-disclosure(35322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
          },
          {
            "name": "ADV-2007-2480",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
          },
          {
            "name": "24779",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24779"
          },
          {
            "name": "oval:org.mitre.oval:def:1884",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
          },
          {
            "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
          },
          {
            "name": "MS07-038",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
          },
          {
            "name": "VU#101321",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/101321"
          },
          {
            "name": "1018354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018354"
          },
          {
            "name": "35952",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35952"
          },
          {
            "name": "TA07-191A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
          },
          {
            "name": "26001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SSRT071446",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
        },
        {
          "name": "win-vista-firewall-information-disclosure(35322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
        },
        {
          "name": "ADV-2007-2480",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
        },
        {
          "name": "24779",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24779"
        },
        {
          "name": "oval:org.mitre.oval:def:1884",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
        },
        {
          "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
        },
        {
          "name": "MS07-038",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
        },
        {
          "name": "VU#101321",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/101321"
        },
        {
          "name": "1018354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018354"
        },
        {
          "name": "35952",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35952"
        },
        {
          "name": "TA07-191A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
        },
        {
          "name": "26001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT071446",
              "refsource": "HP",
              "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
            },
            {
              "name": "win-vista-firewall-information-disclosure(35322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
            },
            {
              "name": "ADV-2007-2480",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2480"
            },
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
            },
            {
              "name": "24779",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24779"
            },
            {
              "name": "oval:org.mitre.oval:def:1884",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
            },
            {
              "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
            },
            {
              "name": "MS07-038",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
            },
            {
              "name": "VU#101321",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/101321"
            },
            {
              "name": "1018354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018354"
            },
            {
              "name": "35952",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35952"
            },
            {
              "name": "TA07-191A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
            },
            {
              "name": "26001",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-3038",
    "datePublished": "2007-07-10T22:00:00",
    "dateReserved": "2007-06-05T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3038\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-07-10T22:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \\\"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El interfaz Teredo de Microsoft Windows Vista y Vista x64 Edition no maneja adecuadamente cierto tr\u00e1fico de red, lo cual permite a atacantes remotos evitar las reglas de bloqueo del cortafuegos y obtener informaci\u00f3n sensible mediante tr\u00e1fico IPv6 manipulado artesanalmente, tambi\u00e9n conocido como \\\"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"}]}]}],\"references\":[{\"url\":\"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/35952\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/26001\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/101321\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/473294/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/24779\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018354\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2480\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35322\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/101321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/473294/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.