OpenCVE

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows Vista Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

No data.

References

Link	Providers
http://osvdb.org/33664
http://www.securityfocus.com/archive/1/462793/100/0/threaded
http://www.securityfocus.com/archive/1/464617/100/0/threaded
http://www.securityfocus.com/bid/23266
http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf
http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-20T20:00:00

Updated: 2024-08-07T12:59:08.643Z

Reserved: 2007-03-20T00:00:00

Link: CVE-2007-1531

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-20T20:19:00.000

Modified: 2024-11-21T00:28:32.757

Link: CVE-2007-1531

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf"}, {"name": "20070313 New report on Windows Vista network attack surface", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded"}, {"name": "33664", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33664"}, {"name": "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html"}, {"name": "23266", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23266"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1531", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf", "refsource": "MISC", "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf"}, {"name": "20070313 New report on Windows Vista network attack surface", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded"}, {"name": "33664", "refsource": "OSVDB", "url": "http://osvdb.org/33664"}, {"name": "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded"}, {"name": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html", "refsource": "MISC", "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html"}, {"name": "23266", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23266"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:59:08.643Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf"}, {"name": "20070313 New report on Windows Vista network attack surface", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded"}, {"name": "33664", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33664"}, {"name": "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html"}, {"name": "23266", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23266"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1531", "datePublished": "2007-03-20T20:00:00", "dateReserved": "2007-03-20T00:00:00", "dateUpdated": "2024-08-07T12:59:08.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host."}, {"lang": "es", "value": "Microsoft Windows XP y Vista sobrescriben las entradas de la tabla de ARP incluidas en el ARP gratuito, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e9rdida de acceso a la red) al enviar un ARP gratuito para la direcci\u00f3n del host de Vista."}], "id": "CVE-2007-1531", "lastModified": "2024-11-21T00:28:32.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-20T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33664"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23266"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}