6.4

CVE-2007-3898

Exploit

EPSS 83.87%
Published 14.11.2007 01:46:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updategold

Microsoft ≫ Windows 2000 Updategold Editionadv_srv

Microsoft ≫ Windows 2000 Updategold Editiondatacenter_srv

Microsoft ≫ Windows 2000 Updategold Editionsrv

Microsoft ≫ Windows 2000 Updatesp1

Microsoft ≫ Windows 2000 Updatesp1 Editionadv_srv

Microsoft ≫ Windows 2000 Updatesp1 Editiondatacenter_srv

Microsoft ≫ Windows 2000 Updatesp1 Editionsrv

Microsoft ≫ Windows 2000 Updatesp2

Microsoft ≫ Windows 2000 Updatesp2 Editionadv_srv

Microsoft ≫ Windows 2000 Updatesp2 Editiondatacenter_srv

Microsoft ≫ Windows 2000 Updatesp2 Editionsrv

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp3 Editionadv_srv

Microsoft ≫ Windows 2000 Updatesp3 Editiondatacenter_srv

Microsoft ≫ Windows 2000 Updatesp3 Editionsrv

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2000 Updatesp4 Editionadv_srv

Microsoft ≫ Windows 2000 Updatesp4 Editiondatacenter_srv

Microsoft ≫ Windows 2000 Updatesp4 Editionsrv

Microsoft ≫ Windows 2003 Server Updategold

Microsoft ≫ Windows 2003 Server Updategold Editionitanium

Microsoft ≫ Windows 2003 Server Updategold Editionstd

Microsoft ≫ Windows 2003 Server Updategold Editionx64

Microsoft ≫ Windows 2003 Server Updategold Editionx64-std

Microsoft ≫ Windows 2003 Server Updatesp1

Microsoft ≫ Windows 2003 Server Updatesp1 Editionstd

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2 Editionstd

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows Server 2003 Update-

Microsoft ≫ Windows Server 2003 Updatesp1

Microsoft ≫ Windows Server 2003 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	83.87%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

http://www.securityfocus.com/archive/1/484186/100/0/threaded

http://www.us-cert.gov/cas/techalerts/TA07-317A.html

US Government Resource

http://secunia.com/advisories/27584

Patch

Vendor Advisory

http://securityreason.com/securityalert/3373

http://www.kb.cert.org/vuls/id/484649

US Government Resource

http://www.scanit.be/advisory-2007-11-14.html

http://www.securityfocus.com/archive/1/483635/100/0/threaded

http://www.securityfocus.com/archive/1/483698/100/0/threaded

http://www.securityfocus.com/bid/25919

Patch

Exploit

http://www.securitytracker.com/id?1018942

http://www.trusteer.com/docs/windowsdns.html

http://www.vupen.com/english/advisories/2007/3848

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062

https://exchange.xforce.ibmcloud.com/vulnerabilities/36805

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395

https://nvd.nist.gov/vuln/detail/CVE-2007-3898

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3898

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3898

EUVD