CVE-2007-5756 — MEDIUM (6.9)

Q: How severe is CVE-2007-5756?

CVE-2007-5756 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-5756?

Check the references section above for vendor advisories and patch information. Affected products include: Winpcap Winpcap.

Vulnerability Description

Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Winpcap	Winpcap	< 4.0.2

Related Weaknesses (CWE)

CWE-129

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625Broken Link
http://secunia.com/advisories/27676Broken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/26409Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018935Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/3835Broken Link
http://www.winpcap.org/misc/changelog.htmRelease Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/38433Third Party AdvisoryVDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625Broken Link
http://secunia.com/advisories/27676Broken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/26409Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018935Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/3835Broken Link
http://www.winpcap.org/misc/changelog.htmRelease Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/38433Third Party AdvisoryVDB Entry

FAQ

What is CVE-2007-5756?

CVE-2007-5756 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly...

How severe is CVE-2007-5756?

CVE-2007-5756 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5756?

Check the references section above for vendor advisories and patch information. Affected products include: Winpcap Winpcap.