Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1446

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-1446
Last Modified 07 Mar 2011 10:07:06
Published 14 Oct 2008 08:12:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1446

Summary

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Xp

Application

  • Microsoft Iis 5.0

  • Microsoft Iis 5.1

  • Microsoft Iis 6.0

  • Microsoft Iis 7.0


References

CERT - TA08-288A

CERT-VN - VU#793233

BID - 31682

MS - MS08-062

XF - win-ms08kb953155-update(45548)

XF - win-ipp-service-code-execution(45545)

VUPEN - ADV-2008-2813

SECTRACK - 1021048

SECUNIA - 32248

HP - SSRT080143

HP - HPSBST02379


Last Updated: 27 May 2016 10:47:28