WinPcap NPF.SYS Local Privilege Escalation

Medium Nessus Plugin ID 25684


The remote Windows host contains an application that is prone to a local privilege escalation vulnerability.


WinPcap, a packet capture and filtering engine, is installed on the remote Windows host.

The version of WinPcap on the remote host enables a local user to execute arbitrary code in kernel context because it fails to sufficiently sanitize Interrupt Request Packet parameters before passing them to the BIOCGSTATS IOCTL.


Upgrade to WinPcap version 4.0.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 25684

File Name: winpcap_npf_sys_priv_escalation.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2007/07/10

Modified: 2015/01/12

Dependencies: 13855, 10456

Risk Information

Risk Factor: Medium


Base Score: 6.6

Temporal Score: 5.5

Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/07/10

Exploitable With


Core Impact

Reference Information

CVE: CVE-2007-3681

BID: 24829

OSVDB: 37889