CVE-2007-5756

Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
Configurations

Configuration 1 (hide)

cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link
References () http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory () http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/3835 - Broken Link () http://www.vupen.com/english/advisories/2007/3835 - Broken Link
References () http://www.winpcap.org/misc/changelog.htm - Release Notes () http://www.winpcap.org/misc/changelog.htm - Release Notes
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry

09 Feb 2024, 03:13

Type Values Removed Values Added
CWE CWE-119 CWE-129
CPE cpe:2.3:a:winpcap:winpcap:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:winpcap:winpcap:*:*:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/38433 - Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2007/3835 - (VUPEN) http://www.vupen.com/english/advisories/2007/3835 - Broken Link
References (SECUNIA) http://secunia.com/advisories/27676 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/27676 - Broken Link, Patch, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1018935 - (SECTRACK) http://www.securitytracker.com/id?1018935 - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/26409 - (BID) http://www.securityfocus.com/bid/26409 - Broken Link, Third Party Advisory, VDB Entry
References (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625 - Broken Link
References (CONFIRM) http://www.winpcap.org/misc/changelog.htm - (CONFIRM) http://www.winpcap.org/misc/changelog.htm - Release Notes

Information

Published : 2007-11-14 01:46

Updated : 2024-11-21 00:38


NVD link : CVE-2007-5756

Mitre link : CVE-2007-5756

CVE.ORG link : CVE-2007-5756


JSON object : View

Products Affected

winpcap

  • winpcap
CWE
CWE-129

Improper Validation of Array Index