CVE-2008-4250

CVSS V2 High 10 CVSS V3 None
Description
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Overview
  • CVE ID: CVE-2008-4250
  • Assigner: secure@microsoft.com
  • Vulnerability Status: Analyzed
  • Published Version: 2008-10-23T22:00:01
  • Last Modified Date: 2022-02-09T14:36:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:* 1 OR
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* 1 OR
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 10
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 10
References
Reference URL Reference Tags
http://www.kb.cert.org/vuls/id/827267 Third Party Advisory US Government Resource
http://secunia.com/advisories/32326 Patch Vendor Advisory
http://blogs.securiteam.com/index.php/archives/1150 Permissions Required
http://www.securitytracker.com/id?1021091 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31874 Exploit Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-297A.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-088A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/2902 Vendor Advisory
http://marc.info/?l=bugtraq&m=122703006921213&w=2 Issue Tracking Mailing List Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7132 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7104 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6841 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6824 Exploit Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 Third Party Advisory
http://www.securityfocus.com/archive/1/497816/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497808/100/0/threaded Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 Patch Vendor Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 06:33:30 Added to TrackCVE