CVE-2008-3479

{"id": "CVE-2008-3479", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-15T00:12:15.910", "references": [{"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-07", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/32260", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/31637", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1021052", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2816", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45537", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45538", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5998", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka \"Message Queuing Service Remote Code Execution Vulnerability.\""}, {"lang": "es", "value": "El servicio Microsoft Message Queuing (MSMQ) en Microsoft Windows 2000 SP4 no valida correctamente los par\u00e1metros a string APIs, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una llamada RPC manipulada que desborda una \"petici\u00f3n de mont\u00edculo\" tambi\u00e9n conocida como \"Message Queuing Service Remote Code Execution Vulnerability (Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remoto en essage Queuing Service)\"."}], "lastModified": "2018-10-12T21:48:17.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}