[email protected]CVE-2007-3038

HistoryJul 10, 2007 - 10:30 p.m.

CVE-2007-3038

2007-07-1022:30:00

[email protected]

web.nvd.nist.gov

microsoft

windows vista

vista x64

teredo

firewall

vulnerability

information disclosure

ipv6

network security

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.5%

JSON

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka “Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_vista

microsoftwindows_vistax64

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*

References

archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html

osvdb.org/35952

secunia.com/advisories/26001

www.kb.cert.org/vuls/id/101321

www.securityfocus.com/archive/1/473294/100/0/threaded

www.securityfocus.com/bid/24779

www.securitytracker.com/id?1018354

www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt

www.us-cert.gov/cas/techalerts/TA07-191A.html

www.vupen.com/english/advisories/2007/2480

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038

exchange.xforce.ibmcloud.com/vulnerabilities/35322

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2007-3038

nessus1 openvas2 securityvulns3 nvd1 cert1 prion1 cvelist1