Unrated severityNVD Advisory· Published Nov 14, 2007· Updated Jun 16, 2026
CVE-2007-3898
CVE-2007-3898
Description
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*+ 19 more
- cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*+ 13 more
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- Range: 2000 Server SP4, Server 2003 SP1 and SP2
Patches
Vulnerability mechanics
References
15- secunia.com/advisories/27584nvdPatchVendor Advisory
- www.securityfocus.com/bid/25919nvdExploitPatch
- www.kb.cert.org/vuls/id/484649nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA07-317A.htmlnvdUS Government Resource
- securityreason.com/securityalert/3373nvd
- www.scanit.be/advisory-2007-11-14.htmlnvd
- www.securityfocus.com/archive/1/483635/100/0/threadednvd
- www.securityfocus.com/archive/1/483698/100/0/threadednvd
- www.securityfocus.com/archive/1/484186/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.trusteer.com/docs/windowsdns.htmlnvd
- www.vupen.com/english/advisories/2007/3848nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36805nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395nvd
News mentions
0No linked articles in our index yet.