CVE-2007-1531
published 2007-03-20CVE-2007-1531: Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of…
PriorityP428medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
22.82%
97.4th percentile
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect gratuitous ARP packets where the sender protocol address (psrc) equals the target protocol address (pdst) — the exploit sets a.psrc=a.pdst to forge a gratuitous ARP for the victim's own IP, which triggers the Vista network stack DoS. ↗
- →Detect ARP reply packets (op=2) broadcast to ff:ff:ff:ff:ff:ff on the local segment where the sender IP matches the target IP — this is the specific packet shape used to crash the Vista network interface. ↗
- →Monitor for repeated ARP op=2 (reply) frames sent to the broadcast MAC ff:ff:ff:ff:ff:ff; the exploit loops every 3 seconds re-sending the forged gratuitous ARP until the victim interface stops responding. ↗
- →Attack requires layer-2 adjacency; scope detection to the local network segment. An attacker on the same LAN segment sends the malicious ARP to cause the Vista host's NIC to stop responding. ↗
- ·The exploit depends on the scapy library; defenders can use this as a hunting pivot — look for scapy-generated frames (e.g. default scapy Ethernet padding/TTL artefacts) combined with gratuitous ARP patterns. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
exploitdb·2007-05-15·CVSS 5.0
CVE-2007-1531 [MEDIUM] Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
---
#!/usr/bin/env python
#
# :: Kristian Hermansen ::
# Date: 20070514
# Reference: CVE-2007-1531
# Description: Microsoft Windows Vista (SP0) dumps interfaces when
# it receives this ARP packet. This DoS is useful for an internet
# cafe, wireless venue, or legitimate local attack. The victim will
# need to manually refresh their network interface. OK, sure
# it's a dumb local attack, but why does Vista disable iface!?!??
# -> Thanks to Newsham / Hoagland
# Vulnerable: Microsoft Windows Vista (SP0) [All Versions]
# Tested:
# * victim == Windows Vista Enterprise (SP0) [English]
# * attacker == Ubuntu Feisty (7.04)
# Usage: python fISTArp.py
# Depends: scapy.py
# [?] If you don't have scapy
# [+] wget http://hg.se
Exploit-DB
Microsoft Windows Vista - ARP Table Entries Denial of Service
exploitdb·2004-04-02·CVSS 5.0
CVE-2007-1531 [MEDIUM] Microsoft Windows Vista - ARP Table Entries Denial of Service
Microsoft Windows Vista - ARP Table Entries Denial of Service
---
source: https://www.securityfocus.com/bid/23266/info
Microsoft Windows Vista is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue by submitting malicious ARP requests to the vulnerable computer. To exploit this issue, attackers must have access to the local network segment of a target computer.
Remote attackers can exploit this issue to cause the network interface to stop responding, denying further service to legitimate users.
#!/usr/bin/env python
#
# :: Kristian Hermansen ::
# Date: 20070514
# Reference: CVE-2007-1531
# Description: Microsoft Windows Vista (SP0) dumps interfaces when
# it receives this ARP packet. This DoS is useful for an internet
# cafe, wireless venue, or legitim
No writeups or analysis indexed.
http://osvdb.org/33664http://www.securityfocus.com/archive/1/462793/100/0/threadedhttp://www.securityfocus.com/archive/1/464617/100/0/threadedhttp://www.securityfocus.com/bid/23266http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdfhttp://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.htmlhttp://osvdb.org/33664http://www.securityfocus.com/archive/1/462793/100/0/threadedhttp://www.securityfocus.com/archive/1/464617/100/0/threadedhttp://www.securityfocus.com/bid/23266http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdfhttp://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html
2007-03-20
Published