CVE-2008-5229

Microsoft Windows Vista Gold & SP1 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marius Wachtler · clocalwindows

https://www.exploit-db.com/exploits/32590

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/32791

[Exploit] http://securityreason.com/securityalert/4646

[Exploit] http://securitytracker.com/id?1021245

[Exploit] http://www.securityfocus.com/bid/32357

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46742

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498471/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498650/100/0/threaded

Scores

EPSS 0.0101

EPSS Percentile 77.2%

Details

CWE

CWE-119

Status published

Products (2)

microsoft/windows_vista

microsoft/windows_vista gold

Published Nov 25, 2008

Tracked Since Feb 18, 2026