DNS Client Vulnerability in Microsoft Windows Operating Systems
CVE-2008-0087

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Windows 2000
Windows Vista
Windows 2003 Server
Windows-nt
Vendor
CVE Published:
8 April 2008

Summary

In certain versions of Microsoft Windows, including Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista, the DNS client utilizes predictable transaction IDs. This design flaw allows remote attackers to forge DNS responses, leading to potential cache poisoning attacks and malicious redirection to unauthorized sites. Users of these operating systems should evaluate their security posture and consider implementing mitigation strategies to protect against this vulnerability.

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html
third-party-advisoryx_refsource_CERT
http://marc.info/?l=bugtraq&m=120845064910729&w=2
vendor-advisoryx_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

58% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.