CVE-2007-5756

Name of the Vulnerable Software and Affected Versions WinPcap versions prior to 4.0.2

Description The issue is related to multiple array index errors in the bpf filter init function in NPF.SYS, which occurs when WinPcap is run in monitor mode. This can be exploited by local users via crafted IOCTL requests to gain privileges. The affected software is used in Wireshark and possibly other products.

Recommendations For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the bpf filter init function until a patch is available. Avoid using the IOCTL requests that can trigger the array index errors in the affected function.