Lucene search

[email protected]NVD:CVE-2008-5229

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-5229

2008-11-2523:30:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a “route add” command. NOTE: this issue might not cross privilege boundaries.

Affected configurations

Nvd

Node

microsoftwindows_vistasp1

microsoftwindows_vistaMatchgold

VendorProductVersionCPE
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
microsoftwindows_vistagoldcpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
microsoft	windows_vista	gold	cpe:2.3:o:microsoft:windows_vista:gold:::::::*

References

secunia.com/advisories/32791

securityreason.com/securityalert/4646

securitytracker.com/id?1021245

www.securityfocus.com/archive/1/498471/100/0/threaded

www.securityfocus.com/archive/1/498650/100/0/threaded

www.securityfocus.com/bid/32357

exchange.xforce.ibmcloud.com/vulnerabilities/46742

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Related for NVD:CVE-2008-5229

exploitdb1 cve1 prion1 cvelist1