CVE-2008-4250
HIGH
10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka 'Server Service Vulnerability.'
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9348
Percentile
1,0th
Updated
EPSS Score Trend (Last 75 Days)
94
Improper Control of Generation of Code ('Code Injection')
DraftCommon Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Availability
Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Hide Activities
Applicable Platforms
Languages:
Interpreted
Technologies:
AI/ML
Exploit
Microsoft Windows Server - Code Execution (PoC) (MS08-067)
VerifiedMicrosoft Windows Server - Code Execution (PoC) (MS08-067)
View Exploit Code →
Exploit
Microsoft Windows Server - Universal Code Execution (MS08-067)
VerifiedMicrosoft Windows Server - Universal Code Execution (MS08-067)
View Exploit Code →
Exploit
Microsoft Windows Server - Code Execution (MS08-067)
VerifiedMicrosoft Windows Server - Code Execution (MS08-067)
View Exploit Code →
Exploit
Microsoft Windows Server 2000/2003 - Code Execution (MS08-067)
VerifiedMicrosoft Windows Server 2000/2003 - Code Execution (MS08-067)
View Exploit Code →
Exploit
Microsoft Windows Server - Service Relative Path Stack …
Verified Metasploit Framework (MSF)Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)
View Exploit Code →
Exploit
Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)
Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)
View Exploit Code →
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Xp by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Vista by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Xp by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Vista by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Vista by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Vista by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Xp by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Xp by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 2000 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2003 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
http://blogs.securiteam.com/index.php/archives/1150
http://marc.info/?l=bugtraq&m=122703006921213&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-0…
http://secunia.com/advisories/32326
https://exchange.xforce.ibmcloud.com/vulnerabilities/46040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://www.exploit-db.com/exploits/6824
https://www.exploit-db.com/exploits/6841
https://www.exploit-db.com/exploits/7104
https://www.exploit-db.com/exploits/7132
http://www.kb.cert.org/vuls/id/827267
http://www.securityfocus.com/archive/1/497808/100/0/threaded
http://www.securityfocus.com/archive/1/497816/100/0/threaded
http://www.securityfocus.com/bid/31874
http://www.securitytracker.com/id?1021091
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.vupen.com/english/advisories/2008/2902
http://blogs.securiteam.com/index.php/archives/1150
http://marc.info/?l=bugtraq&m=122703006921213&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-0…
http://secunia.com/advisories/32326
https://exchange.xforce.ibmcloud.com/vulnerabilities/46040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://www.exploit-db.com/exploits/6824
https://www.exploit-db.com/exploits/6841
https://www.exploit-db.com/exploits/7104
https://www.exploit-db.com/exploits/7132
http://www.kb.cert.org/vuls/id/827267
http://www.securityfocus.com/archive/1/497808/100/0/threaded
http://www.securityfocus.com/archive/1/497816/100/0/threaded
http://www.securityfocus.com/bid/31874
http://www.securitytracker.com/id?1021091
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.vupen.com/english/advisories/2008/2902