CVE-2010-4562

2012-02-0217:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-4562

microsoft windows

ipv6

network sniffing

icmpv6

remote attackers

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.069 Low

EPSS

Percentile

93.9%

JSON

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*