CVE-2008-5229
Microsoft Windows Vista - 'iphlpapi.dll' Local Kernel Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
Un desbordamiento de búfer en la región stack de la memoria en Device IO Control de Microsoft en la biblioteca iphlpapi.dll en Microsoft Windows Vista Gold y SP1, permite a los usuarios locales del grupo Operador de Configuración de Red alcanzar privilegios o causar una denegación de servicio (bloqueo del sistema) por medio de un prefixLength largo no válido en el método CreateIpForwardEntry2, como es demostrado mediante un comando "route add". NOTA: es posible que este problema no cruce los límites de privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-11-19 First Exploit
- 2008-11-25 CVE Reserved
- 2008-11-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/498471/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/498650/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46742 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32590 | 2008-11-19 | |
| http://securityreason.com/securityalert/4646 | 2024-08-07 | |
| http://securitytracker.com/id?1021245 | 2024-08-07 | |
| http://www.securityfocus.com/bid/32357 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32791 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | gold Search vendor "Microsoft" for product "Windows Vista" and version "gold" | - |
Affected
| ||||||