Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/32791 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/4646 - Exploit | |
References | () http://securitytracker.com/id?1021245 - Exploit | |
References | () http://www.securityfocus.com/archive/1/498471/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/498650/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/32357 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/46742 - |
Information
Published : 2008-11-25 23:30
Updated : 2024-11-21 00:53
NVD link : CVE-2008-5229
Mitre link : CVE-2008-5229
CVE.ORG link : CVE-2008-5229
JSON object : View
Products Affected
microsoft
- windows_vista
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer