CVE Vulnerability

CVE-2008-0087

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

8.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 9.2

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/28553 Patch Third Party Advisory
http://www.securitytracker.com/id?1019802 Third Party Advisory VDB Entry
http://secunia.com/advisories/29696 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-099A.html Third Party Advisory US Government Resource
http://www.trusteer.com/docs/windowsresolver.html Broken Link
http://www.vupen.com/english/advisories/2008/1144/references Broken Link
http://marc.info/?l=bugtraq&m=120845064910729&w=2 Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314 Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020
http://www.securityfocus.com/archive/1/490575/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:sp2:*:*:pro:*:x64:*
Information

Published : 2008-04-08 11:05

Updated : 2018-10-30 04:25

NVD link : CVE-2008-0087

Mitre link : CVE-2008-0087

Products Affected
No products.
CWE
CWE-330