CVE-2008-4250

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 24-10-2008 12:00

Last modified: - 09-02-2022 03:36

Total changes: - 2

Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

10.0

Base score

10.0

Exploitability score

Impact score

Verification logic

vendor=microsoft AND product=windows_2000 AND version=- AND update=sp4

vendor=microsoft AND product=windows_server_2003 AND version=- AND target_hardware=x64

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp1

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp1 AND software_edition=- AND target_hardware=itanium

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2 AND target_hardware=itanium

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2 AND target_hardware=x64

vendor=microsoft AND product=windows_server_2008 AND version=- AND software_edition=- AND target_hardware=itanium

vendor=microsoft AND product=windows_server_2008 AND version=- AND software_edition=- AND target_hardware=x64

vendor=microsoft AND product=windows_server_2008 AND version=- AND software_edition=- AND target_hardware=x86

vendor=microsoft AND product=windows_vista AND version=-

vendor=microsoft AND product=windows_vista AND version=- AND target_hardware=x64

vendor=microsoft AND product=windows_vista AND version=- AND update=sp1

vendor=microsoft AND product=windows_vista AND version=- AND update=sp1 AND software_edition=- AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=- AND software_edition=professional AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=sp2

vendor=microsoft AND product=windows_xp AND version=- AND update=sp2 AND software_edition=professional AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=sp3

Reference

VU#827267-Third Party Advisory, US Government Resource
32326-Patch, Vendor Advisory
http://blogs.securiteam.com/index.php/archives/1150
1021091-Third Party Advisory, VDB Entry
31874-Exploit, Patch, Third Party Advisory, VDB Entry
TA08-297A-Third Party Advisory, US Government Resource
TA09-088A-Third Party Advisory, US Government Resource
ADV-2008-2902-Vendor Advisory
SSRT080164-Issue Tracking, Mailing List, Third Party Advisory
win-server-rpc-code-execution(46040)-Third Party Advisory, VDB Entry
7132-Exploit, Third Party Advisory, VDB Entry
7104-Exploit, Third Party Advisory, VDB Entry
6841-Exploit, Third Party Advisory, VDB Entry
6824-Exploit, Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:6093-Third Party Advisory
20081027 Windows RPC MS08-067 FAQ document updated-Third Party Advisory, VDB Entry
20081026 Windows RPC MS08-067 FAQ document released-Third Party Advisory, VDB Entry
MS08-067-Patch, Vendor Advisory

Keywords

CVE-2008-4250

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-4250

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures