Computer Security

CVE-2008-4250
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2008-4250
StatusCandidate
DescriptionThe Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
SeverityHigh
CVSS score10
CVSS vector(AV:N/AC:L/Au:N/C:C/I:C/A:C)
PhaseAssigned (14.06.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4250
ReferencesBID : 31874
 BUGTRAQ : 20081026 Windows RPC MS08-067 FAQ document released
 BUGTRAQ : 20081027 Windows RPC MS08-067 FAQ document updated
 CERT-VN : VU#827267
 CERT : TA08-297A
 CERT : TA09-088A
 MILW0RM : 6824
 MILW0RM : 6841
 MILW0RM : 7104
 MILW0RM : 7132
 MISC : http://blogs.securiteam.com/index.php/archives/1150
 MS : MS08-067
 OVAL : oval:org.mitre.oval:def:6093
 SECTRACK : 1021091
 SECTRACK : 1021091
 SECUNIA : 32326
 VUPEN : ADV-2008-2902
 XF : win-server-rpc-code-execution(46040)
SecurityVulns:Microsoft Windows code execution
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server