Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5229

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-5229
Last Modified 02 Feb 2009 12:00:00
Published 25 Nov 2008 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5229

Summary

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.

Vulnerable Systems

Operating System

  • Microsoft Windows Vista

  • Microsoft Windows Vista Gold


References

XF - win-vista-iphlpapi-bo(46742)

BID - 32357

BUGTRAQ - 20081119 Microsoft VISTA TCP/IP stack buffer overflow

BUGTRAQ - 20081125 Re: Microsoft VISTA TCP/IP stack buffer overflow

SECTRACK - 1021245

SREASON - 4646

SECUNIA - 32791


Last Updated: 27 May 2016 10:48:44