CVE-2007-1535

Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf
http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html
http://www.securityfocus.com/bid/23267
http://osvdb.org/33667
http://www.securityfocus.com/archive/1/464617/100/0/threaded
http://www.securityfocus.com/archive/1/462793/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

Information

Published : 2007-03-20 13:19

Updated : 2018-10-16 09:38

NVD link : CVE-2007-1535

Mitre link : CVE-2007-1535

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

windows_vista

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf", "name": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html", "name": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/23267", "name": "23267", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/33667", "name": "33667", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded", "name": "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded", "name": "20070313 New report on Windows Vista network attack surface", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1535", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-03-20T20:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:38Z"}