Lucene search

MitreCVE-2008-5229

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-5229

2008-11-2523:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-5229

buffer overflow

microsoft

windows vista

privilege escalation

denial of service

iphlpapi.dll

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a “route add” command. NOTE: this issue might not cross privilege boundaries.

Affected configurations

Nvd

Node

microsoftwindows_vistasp1

microsoftwindows_vistaMatchgold

VendorProductVersionCPE
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
microsoftwindows_vistagoldcpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
microsoft	windows_vista	gold	cpe:2.3:o:microsoft:windows_vista:gold:::::::*

References

secunia.com/advisories/32791

securityreason.com/securityalert/4646

securitytracker.com/id?1021245

www.securityfocus.com/archive/1/498471/100/0/threaded

www.securityfocus.com/archive/1/498650/100/0/threaded

www.securityfocus.com/bid/32357

exchange.xforce.ibmcloud.com/vulnerabilities/46742

Social References

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Related for CVE-2008-5229