Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
References
Configurations
History
21 Nov 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link | |
References | () http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2007/3835 - Broken Link | |
References | () http://www.winpcap.org/misc/changelog.htm - Release Notes | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry |
09 Feb 2024, 03:13
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-129 | |
CPE | cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:* | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3835 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry | |
References | (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link | |
References | (CONFIRM) http://www.winpcap.org/misc/changelog.htm - Release Notes |
Information
Published : 2007-11-14 01:46
Updated : 2024-11-21 00:38
NVD link : CVE-2007-5756
Mitre link : CVE-2007-5756
CVE.ORG link : CVE-2007-5756
JSON object : View
Products Affected
winpcap
- winpcap
CWE
CWE-129
Improper Validation of Array Index