CVE-2008-1451

The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30584	Vendor Advisory
http://securitytracker.com/id?1020228	Patch
http://www.securityfocus.com/bid/29588	Exploit Patch
http://www.us-cert.gov/cas/techalerts/TA08-162B.html	US Government Resource
http://www.vupen.com/english/advisories/2008/1781
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5582

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2::::::

History

No history.

Information

Published : 2008-06-12 02:32

Updated : 2024-02-04 17:33

NVD link : CVE-2008-1451

Mitre link : CVE-2008-1451

CVE.ORG link : CVE-2008-1451

JSON object : View

Products Affected

microsoft

windows_2003_server
windows_2000

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2008-1451", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-12T02:32:00.000", "references": [{"url": "http://secunia.com/advisories/30584", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1020228", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/29588", "tags": ["Exploit", "Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1781", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-034", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5582", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka \"Memory Overwrite Vulnerability.\""}, {"lang": "es", "value": "El servicio WINS en Microsoft Windows 2000 SP4, y Server 2003 SP1 y SP2 no verifica adecuadamente las estructuras de datos en paquetes de red WINS, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocida como \"Vulnerabilidad de sobrescritura de memoria\""}], "lastModified": "2018-10-30T16:25:40.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}