Vulnerability Description
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | All Windows | abstract_cpe |
References
- http://osvdb.org/43603
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33473
- https://www.exploit-db.com/exploits/3544
- http://osvdb.org/43603
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33473
- https://www.exploit-db.com/exploits/3544
FAQ
What is CVE-2007-1644?
CVE-2007-1644 is a vulnerability with a CVSS score of 10.0 (HIGH). The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change...
How severe is CVE-2007-1644?
CVE-2007-1644 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1644?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft All Windows.