CVE-2008-0083

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0083
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://marc.info/?l=bugtraq&m=120845064910729&w=2
http://secunia.com/advisories/29712 Vendor Advisory
http://www.securityfocus.com/bid/28551 Patch
http://www.securitytracker.com/id?1019799
http://www.us-cert.gov/cas/techalerts/TA08-099A.html US Government Resource
http://www.vupen.com/english/advisories/2008/1146/references Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5495
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
History

No history.

Information

Published : 2008-04-08 23:05

Updated : 2024-02-04 17:33

NVD link : CVE-2008-0083

Mitre link : CVE-2008-0083

CVE.ORG link : CVE-2008-0083

JSON object : View

Products Affected

microsoft

  • windows_xp
  • windows_2003_server
  • windows_2000
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')