CVE-2007-3898
Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
El servidor DNS en Microsoft Windows 2000 Server SP4, y Server 2003 SP1 y SP2, utiliza transacciones predecibles IDs cuando consultan otros servidores DNS, lo cual permite a atacantes remotos suplantando respuestas DNS, envenenar la cache DNS, y facilitar vectores de ataque más adelante.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-07-19 CVE Reserved
- 2007-11-13 First Exploit
- 2007-11-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-16: Configuration
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3373 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/484649 | Third Party Advisory |
|
| http://www.scanit.be/advisory-2007-11-14.html | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/483635/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/483698/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018942 | Vdb Entry | |
| http://www.trusteer.com/docs/windowsdns.html | X_refsource_misc | |
| http://www.us-cert.gov/cas/techalerts/TA07-317A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/3848 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36805 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30635 | 2007-11-13 | |
| https://www.exploit-db.com/exploits/30636 | 2007-11-13 | |
| http://www.securityfocus.com/bid/25919 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27584 | 2021-07-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/484186/100/0/threaded | 2021-07-07 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062 | 2021-07-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | gold |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | gold, adv_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | gold, datacenter_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | gold, srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, adv_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, datacenter_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, adv_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, datacenter_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, adv_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, datacenter_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, adv_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, datacenter_srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, srv |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | gold |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | gold, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | gold, std |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | gold, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | gold, x64-std |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1, std |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2, std |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Affected
| ||||||