CVE-2008-4250

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://blogs.securiteam.com/index.php/archives/1150 Permissions Required
http://marc.info/?l=bugtraq&m=122703006921213&w=2 Issue Tracking Mailing List Third Party Advisory
http://secunia.com/advisories/32326 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/827267 Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/497808/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497816/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31874 Exploit Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021091 Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-297A.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-088A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/2902 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 Third Party Advisory
https://www.exploit-db.com/exploits/6824 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6841 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7104 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7132 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
History

09 Feb 2022, 14:36

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*		 cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
References (HP) http://marc.info/?l=bugtraq&m=122703006921213&w=2 - (HP) http://marc.info/?l=bugtraq&m=122703006921213&w=2 - Issue Tracking, Mailing List, Third Party Advisory
References (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 - (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 - Patch, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/497808/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/497808/100/0/threaded - Third Party Advisory, VDB Entry
References (CERT) http://www.us-cert.gov/cas/techalerts/TA09-088A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA09-088A.html - Third Party Advisory, US Government Resource
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/6824 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/6824 - Exploit, Third Party Advisory, VDB Entry
References (CERT) http://www.us-cert.gov/cas/techalerts/TA08-297A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA08-297A.html - Third Party Advisory, US Government Resource
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/7104 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/7104 - Exploit, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1021091 - (SECTRACK) http://www.securitytracker.com/id?1021091 - Third Party Advisory, VDB Entry
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/6841 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/6841 - Exploit, Third Party Advisory, VDB Entry
References (CERT-VN) http://www.kb.cert.org/vuls/id/827267 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/827267 - Third Party Advisory, US Government Resource
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 - Third Party Advisory, VDB Entry
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 - Third Party Advisory
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/7132 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/7132 - Exploit, Third Party Advisory, VDB Entry
References (MISC) http://blogs.securiteam.com/index.php/archives/1150 - (MISC) http://blogs.securiteam.com/index.php/archives/1150 - Permissions Required
References (BUGTRAQ) http://www.securityfocus.com/archive/1/497816/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/497816/100/0/threaded - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/31874 - Exploit, Patch (BID) http://www.securityfocus.com/bid/31874 - Exploit, Patch, Third Party Advisory, VDB Entry
Information

Published : 2008-10-23 22:00

Updated : 2024-02-04 17:33

NVD link : CVE-2008-4250

Mitre link : CVE-2008-4250

CVE.ORG link : CVE-2008-4250

JSON object : View

Products Affected

microsoft

  • windows_xp
  • windows_server_2008
  • windows_2000
  • windows_vista
  • windows_server_2003
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')