Vulnerability Details : CVE-2007-3681
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2007-3681
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-3681
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.6
|
MEDIUM | AV:L/AC:M/Au:S/C:C/I:C/A:C |
2.7
|
10.0
|
NIST |
References for CVE-2007-3681
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
-
http://www.winpcap.org/misc/changelog.htm
WinPcap ยท Change Log
-
http://www.securityfocus.com/archive/1/473297/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/35309
-
http://www.vupen.com/english/advisories/2007/2468
-
https://www.exploit-db.com/exploits/4165
-
http://www.securityfocus.com/archive/1/473301/100/0/threaded
-
http://www.securityfocus.com/bid/24829
Patch
-
http://www.securityfocus.com/archive/1/473270/100/0/threaded
-
http://securitytracker.com/id?1018350
Products affected by CVE-2007-3681
- cpe:2.3:a:winpcap:winpcap:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:winpcap:winpcap:3.1:*:*:*:*:*:*:*