CVE-2007-5756

EPSS 0.59%
Veröffentlicht 14.11.2007 01:46:00
Zuletzt bearbeitet 16.06.2026 22:46:46
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Winpcap ≫ Winpcap Version < 4.0.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.434

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.winpcap.org/misc/changelog.htm

Release Notes

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625

Broken Link

http://secunia.com/advisories/27676

Patch

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/26409

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1018935

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2007/3835

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/38433

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2007-5756

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5756

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5756

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-5756