CVE-2008-4834

CVSS V2 High 10 CVSS V3 None
Description
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
Overview
  • CVE ID
  • CVE-2008-4834
  • Assigner
  • secure@microsoft.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-01-14T22:30:00
  • Last Modified Date
  • 2019-02-26T14:04:00
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.zerodayinitiative.com/advisories/ZDI-09-001/
http://www.us-cert.gov/cas/techalerts/TA09-013A.html US Government Resource
http://www.securityfocus.com/bid/33121
http://www.securitytracker.com/id?1021560
http://www.vupen.com/english/advisories/2009/0116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5863
http://www.securityfocus.com/archive/1/500012/100/0/threaded
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-4834
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4834
History
Created Old Value New Value Data Type Notes
2022-05-10 07:57:50 Added to TrackCVE