CVE-2007-3898
Microsoft Windows - Info Disclosure
Title source: llmDescription
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Alla Berzroutchko · perlremotewindows
https://www.exploit-db.com/exploits/30636
exploitdb
SCANNER
VERIFIED
by Alla Berzroutchko · perlremotewindows
https://www.exploit-db.com/exploits/30635
References (15)
Scores
EPSS
0.8637
EPSS Percentile
99.4%
Details
CWE
CWE-16
Status
published
Products (3)
microsoft/windows_2000
(20 CPE variants)
microsoft/windows_2003_server
(11 CPE variants)
microsoft/windows_server_2003
(3 CPE variants)
Published
Nov 14, 2007
Tracked Since
Feb 18, 2026