CVE-2007-5756

Published Nov 14, 2007

Last updated 9 months ago

Overview

Description: Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-129

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A6E528E-DE46-46F1-B8EA-0D885DA7D9E3",
            "versionEndExcluding": "4.0.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References