Vulnerability Details : CVE-2008-5229
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-5229
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 20 %
CVSS scores for CVE-2008-5229
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | [email protected] |
CWE ids for CVE-2008-5229
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: [email protected] (Primary)
References for CVE-2008-5229
- http://www.securityfocus.com/archive/1/498471/100/0/threaded
- http://securitytracker.com/id?1021245 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46742
- http://www.securityfocus.com/archive/1/498650/100/0/threaded
- http://securityreason.com/securityalert/4646 (Exploit)
- http://www.securityfocus.com/bid/32357 (Exploit)
Products affected by CVE-2008-5229
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*