CVE-2007-3898

Microsoft Windows - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3898. PoCs published by Alla Berzroutchko.

AI-analyzed exploit summary This exploit demonstrates DNS cache poisoning against Microsoft Windows DNS Server by spoofing DNS responses. It predicts transaction IDs and sends crafted UDP packets to corrupt the DNS cache with attacker-controlled records.

Description

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alla Berzroutchko · perlremotewindows
https://www.exploit-db.com/exploits/30636

This exploit demonstrates DNS cache poisoning against Microsoft Windows DNS Server by spoofing DNS responses. It predicts transaction IDs and sends crafted UDP packets to corrupt the DNS cache with attacker-controlled records.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Racy
Target: Microsoft Windows DNS Server (2007)
No auth needed
Prerequisites: Network access to target DNS server · Ability to send UDP packets to port 53
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb SCANNER VERIFIED
by Alla Berzroutchko · perlremotewindows
https://www.exploit-db.com/exploits/30635

This script analyzes DNS transaction IDs (TRXID) from Microsoft Windows DNS Server to predict the next TRXID values, which could aid in DNS cache poisoning attacks. It checks specific bit patterns and modular conditions to determine potential next TRXID values.

Classification
Scanner 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Windows DNS Server
No auth needed
Prerequisites: Access to DNS transaction IDs from the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Various Sources x_refsource_misc
http://www.trusteer.com/docs/windowsdns.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3848
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3373
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27584
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/484186/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
Various Sources x_refsource_misc
http://www.scanit.be/advisory-2007-11-14.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483698/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/484649
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25919
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483635/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018942

Scores

EPSS 0.5513
EPSS Percentile 98.9%

Details

CWE
CWE-16
Status published
Products (3)
microsoft/windows_2000 (20 CPE variants)
microsoft/windows_2003_server (11 CPE variants)
microsoft/windows_server_2003 (3 CPE variants)
Published Nov 14, 2007
Tracked Since Feb 18, 2026