CVE-2007-3038 - Vulnerability Details - OpenCVE

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows Vista

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista:::x64:::::*

No data.

References

Link	Providers
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://osvdb.org/35952
http://secunia.com/advisories/26001
http://www.kb.cert.org/vuls/id/101321
http://www.securityfocus.com/archive/1/473294/100/0/threaded
http://www.securityfocus.com/bid/24779
http://www.securitytracker.com/id?1018354
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://www.vupen.com/english/advisories/2007/2480
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-07-10T22:00:00

Updated: 2024-08-07T13:57:54.941Z

Reserved: 2007-06-05T00:00:00

Link: CVE-2007-3038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-10T22:30:00.000

Modified: 2024-11-21T00:32:15.060

Link: CVE-2007-3038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "win-vista-firewall-information-disclosure(35322)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"}, {"name": "ADV-2007-2480", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2480"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"}, {"name": "24779", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24779"}, {"name": "oval:org.mitre.oval:def:1884", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"}, {"name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"}, {"name": "MS07-038", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"}, {"name": "VU#101321", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/101321"}, {"name": "1018354", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018354"}, {"name": "35952", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35952"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "26001", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-3038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT071446", "refsource": "HP", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "win-vista-firewall-information-disclosure(35322)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"}, {"name": "ADV-2007-2480", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2480"}, {"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt", "refsource": "CONFIRM", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"}, {"name": "24779", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24779"}, {"name": "oval:org.mitre.oval:def:1884", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"}, {"name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"}, {"name": "MS07-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"}, {"name": "VU#101321", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/101321"}, {"name": "1018354", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018354"}, {"name": "35952", "refsource": "OSVDB", "url": "http://osvdb.org/35952"}, {"name": "TA07-191A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "26001", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26001"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.941Z"}, "title": "CVE Program Container", "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "win-vista-firewall-information-disclosure(35322)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"}, {"name": "ADV-2007-2480", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2480"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"}, {"name": "24779", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24779"}, {"name": "oval:org.mitre.oval:def:1884", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"}, {"name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"}, {"name": "MS07-038", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"}, {"name": "VU#101321", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/101321"}, {"name": "1018354", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018354"}, {"name": "35952", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35952"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "26001", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26001"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-3038", "datePublished": "2007-07-10T22:00:00", "dateReserved": "2007-06-05T00:00:00", "dateUpdated": "2024-08-07T13:57:54.941Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "El interfaz Teredo de Microsoft Windows Vista y Vista x64 Edition no maneja adecuadamente cierto tr\u00e1fico de red, lo cual permite a atacantes remotos evitar las reglas de bloqueo del cortafuegos y obtener informaci\u00f3n sensible mediante tr\u00e1fico IPv6 manipulado artesanalmente, tambi\u00e9n conocido como \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability\"."}], "id": "CVE-2007-3038", "lastModified": "2024-11-21T00:32:15.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-10T22:30:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"source": "secure@microsoft.com", "url": "http://osvdb.org/35952"}, {"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/26001"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/101321"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/24779"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018354"}, {"source": "secure@microsoft.com", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/2480"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/101321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}