Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0087

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

Published

2008-04-08T23:05:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

9.2

Weaknesses
  • Type: Primary
    CWE-330
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_server_2003 - Yes
Operating System microsoft windows_server_2003 - Yes
Operating System microsoft windows_vista - Yes
Operating System microsoft windows_xp - Yes
Operating System microsoft windows_xp - Yes
Operating System microsoft windows_xp - Yes
References