CVE-2007-3681 - Local Privilege Escalation vulnerability in WinPcap 3.1/4.0
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit. CVE-2007-3681. Local exploit for windows platform |
file | exploits/windows/local/4165.c |
id | EDB-ID:4165 |
last seen | 2016-01-31 |
modified | 2007-07-10 |
platform | windows |
port | |
published | 2007-07-10 |
reporter | Mario Ballano Bárcena |
source | https://www.exploit-db.com/download/4165/ |
title | WinPcap 4.0 - NPF.SYS Privilege Elevation Vulnerability PoC Exploit |
type | local |
Nessus
NASL family | Windows |
NASL id | WINPCAP_NPF_SYS_PRIV_ESCALATION.NASL |
description | WinPcap, a packet capture and filtering engine, is installed on the remote Windows host. The version of WinPcap on the remote host enables a local user to execute arbitrary code in kernel context because it fails to sufficiently sanitize Interrupt Request Packet parameters before passing them to the BIOCGSTATS IOCTL. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25684 |
published | 2007-07-10 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25684 |
title | WinPcap NPF.SYS Local Privilege Escalation |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
- http://osvdb.org/37889
- http://secunia.com/advisories/25982
- http://securitytracker.com/id?1018350
- http://www.securityfocus.com/archive/1/473270/100/0/threaded
- http://www.securityfocus.com/archive/1/473297/100/0/threaded
- http://www.securityfocus.com/archive/1/473301/100/0/threaded
- http://www.securityfocus.com/bid/24829
- http://www.vupen.com/english/advisories/2007/2468
- http://www.winpcap.org/misc/changelog.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35309
- https://www.exploit-db.com/exploits/4165