CVE-2008-5229

high

Description

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46742

http://www.securityfocus.com/archive/1/498650/100/0/threaded

http://www.securityfocus.com/archive/1/498471/100/0/threaded

http://secunia.com/advisories/32791

Details

Source: Mitre, NVD

Published: 2008-11-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01293