Vulnerability Details : CVE-2008-0087
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
Products affected by CVE-2008-0087
- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0087
69.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0087
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | AV:N/AC:M/Au:N/C:N/I:C/A:C |
8.6
|
9.2
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | 2024-02-14 |
CWE ids for CVE-2008-0087
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
-
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0087
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020
Microsoft Security Bulletin MS08-020 - Important | Microsoft LearnPatch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314
404 Not FoundBroken Link;Third Party Advisory
-
http://www.securitytracker.com/id?1019802
GoDaddy Domain Name SearchBroken Link;Third Party Advisory;VDB Entry
-
http://www.trusteer.com/docs/windowsresolver.html
Trusteer Solutions | IBMBroken Link
-
http://www.securityfocus.com/bid/28553
Broken Link;Patch;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/490575/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Page Not Found | CISABroken Link;Third Party Advisory;US Government Resource
-
http://secunia.com/advisories/29696
About Secunia Research | FlexeraBroken Link;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=120845064910729&w=2
'[security bulletin] HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARCMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/1144/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
Jump to