Vulnerability CVE-2007-3681
Published: 2007-07-11   Modified: 2012-02-12

Description:
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

Type:

CWE-Other

CVSS2 => (AV:L/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.6/10
10/10
2.7/10
Exploit range
Attack complexity
Authentication
Local
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Winpcap -> Winpcap 

 References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
http://securitytracker.com/id?1018350
http://www.securityfocus.com/archive/1/473270/100/0/threaded
http://www.securityfocus.com/archive/1/473297/100/0/threaded
http://www.securityfocus.com/archive/1/473301/100/0/threaded
http://www.securityfocus.com/bid/24829
http://www.vupen.com/english/advisories/2007/2468
http://www.winpcap.org/misc/changelog.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/35309
https://www.exploit-db.com/exploits/4165
Copyright 2024, cxsecurity.com

 

Back to Top