Vulnerability-Lookup

FKIE_CVE-2007-3038

Vulnerability from fkie_nvd - Published: 2007-07-10 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."

References

URL	Tags
secure@microsoft.com	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
secure@microsoft.com	http://osvdb.org/35952
secure@microsoft.com	http://secunia.com/advisories/26001
secure@microsoft.com	http://www.kb.cert.org/vuls/id/101321	US Government Resource
secure@microsoft.com	http://www.securityfocus.com/archive/1/473294/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/24779
secure@microsoft.com	http://www.securitytracker.com/id?1018354
secure@microsoft.com	http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2480
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884
af854a3a-2127-422b-91ae-364da2661108	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35952
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26001
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/101321	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473294/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24779
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018354
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2480
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35322
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884

Impacted products

	Vendor	Product	Version
	microsoft	windows_vista	*
	microsoft	windows_vista	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El interfaz Teredo de Microsoft Windows Vista y Vista x64 Edition no maneja adecuadamente cierto tr\u00e1fico de red, lo cual permite a atacantes remotos evitar las reglas de bloqueo del cortafuegos y obtener informaci\u00f3n sensible mediante tr\u00e1fico IPv6 manipulado artesanalmente, tambi\u00e9n conocido como \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability\"."
    }
  ],
  "id": "CVE-2007-3038",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-10T22:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35952"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/26001"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/101321"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24779"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018354"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2480"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/101321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-3038 (GCVE-0-2007-3038)

Vulnerability from cvelistv5 – Published: 2007-07-10 22:00 – Updated: 2024-08-07 13:57

Summary

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://archive.cert.uni-stuttgart.de/bugtraq/2007…	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2007/2480	vdb-entryx_refsource_VUPEN
	http://www.symantec.com/content/en/us/enterprise/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/24779	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/473294/100…	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.kb.cert.org/vuls/id/101321	third-party-advisoryx_refsource_CERT-VN
	http://www.securitytracker.com/id?1018354	vdb-entryx_refsource_SECTRACK
	http://osvdb.org/35952	vdb-entryx_refsource_OSVDB
	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/26001	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT071446",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
          },
          {
            "name": "win-vista-firewall-information-disclosure(35322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
          },
          {
            "name": "ADV-2007-2480",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
          },
          {
            "name": "24779",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24779"
          },
          {
            "name": "oval:org.mitre.oval:def:1884",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
          },
          {
            "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
          },
          {
            "name": "MS07-038",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
          },
          {
            "name": "VU#101321",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/101321"
          },
          {
            "name": "1018354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018354"
          },
          {
            "name": "35952",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35952"
          },
          {
            "name": "TA07-191A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
          },
          {
            "name": "26001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SSRT071446",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
        },
        {
          "name": "win-vista-firewall-information-disclosure(35322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
        },
        {
          "name": "ADV-2007-2480",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
        },
        {
          "name": "24779",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24779"
        },
        {
          "name": "oval:org.mitre.oval:def:1884",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
        },
        {
          "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
        },
        {
          "name": "MS07-038",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
        },
        {
          "name": "VU#101321",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/101321"
        },
        {
          "name": "1018354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018354"
        },
        {
          "name": "35952",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35952"
        },
        {
          "name": "TA07-191A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
        },
        {
          "name": "26001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT071446",
              "refsource": "HP",
              "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
            },
            {
              "name": "win-vista-firewall-information-disclosure(35322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35322"
            },
            {
              "name": "ADV-2007-2480",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2480"
            },
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt"
            },
            {
              "name": "24779",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24779"
            },
            {
              "name": "oval:org.mitre.oval:def:1884",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1884"
            },
            {
              "name": "20070709 SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473294/100/0/threaded"
            },
            {
              "name": "MS07-038",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-038"
            },
            {
              "name": "VU#101321",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/101321"
            },
            {
              "name": "1018354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018354"
            },
            {
              "name": "35952",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35952"
            },
            {
              "name": "TA07-191A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
            },
            {
              "name": "26001",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-3038",
    "datePublished": "2007-07-10T22:00:00",
    "dateReserved": "2007-06-05T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2007-3038

CVE-2007-3038 (GCVE-0-2007-3038)

Tags

Sightings

Nomenclature