CVE-2008-0087

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows Vista; Windows 2003 Server; Windows-nt
Vendor: CVE Published:; 8 April 2008

Summary

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=120845064910729&w=2

vendor-advisoryx_refsource_HP

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Jan 3, 2008

Collectors

NVD DatabaseMitre Database