fkie_cve-2007-3038
Vulnerability from fkie_nvd
Published
2007-07-10 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
References
secure@microsoft.comhttp://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
secure@microsoft.comhttp://osvdb.org/35952
secure@microsoft.comhttp://secunia.com/advisories/26001
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/101321US Government Resource
secure@microsoft.comhttp://www.securityfocus.com/archive/1/473294/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/24779
secure@microsoft.comhttp://www.securitytracker.com/id?1018354
secure@microsoft.comhttp://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-191A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/2480
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/35322
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884
af854a3a-2127-422b-91ae-364da2661108http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/35952
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26001
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/101321US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/473294/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24779
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018354
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-191A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2480
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884
Impacted products
Vendor Product Version
microsoft windows_vista *
microsoft windows_vista *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El interfaz Teredo de Microsoft Windows Vista y Vista x64 Edition no maneja adecuadamente cierto tr\u00e1fico de red, lo cual permite a atacantes remotos evitar las reglas de bloqueo del cortafuegos y obtener informaci\u00f3n sensible mediante tr\u00e1fico IPv6 manipulado artesanalmente, tambi\u00e9n conocido como \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability\"."
    }
  ],
  "id": "CVE-2007-3038",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-10T22:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35952"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/26001"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/101321"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24779"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018354"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2480"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/101321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.