Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2007-3898

Published: 14/11/2007 Updated: 07/07/2021
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 650
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Microsoft

Vulnerability Summary

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote malicious users to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2000

microsoft windows server 2003

microsoft windows 2003 server

Exploits

Exploit DB: Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing (2)
source: wwwsecurityfocuscom/bid/25919/info Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests A successful attack will corrupt the DNS cache with attacker-specified content This may aid in further attacks such as phishing #!/usr/bin/perl use strict; use Net::DNS; us ...
Exploit DB: Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing (1)
source: wwwsecurityfocuscom/bid/25919/info Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests A successful attack will corrupt the DNS cache with attacker-specified content This may aid in further attacks such as phishing $TRXID=$ARGV[0]; $zero=$TRXID>>14; if ($ ...

References

CWE-16http://www.trusteer.com/docs/windowsdns.htmlhttp://www.kb.cert.org/vuls/id/484649http://www.securityfocus.com/bid/25919http://www.securitytracker.com/id?1018942http://secunia.com/advisories/27584http://www.scanit.be/advisory-2007-11-14.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-317A.htmlhttp://securityreason.com/securityalert/3373http://www.vupen.com/english/advisories/2007/3848https://exchange.xforce.ibmcloud.com/vulnerabilities/36805https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062http://www.securityfocus.com/archive/1/484186/100/0/threadedhttp://www.securityfocus.com/archive/1/483698/100/0/threadedhttp://www.securityfocus.com/archive/1/483635/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/30636/https://www.kb.cert.org/vuls/id/484649
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook