Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1456

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-1456
Last Modified 07 Mar 2011 10:07:07
Published 13 Aug 2008 08:42:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1456

Summary

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server

  • Microsoft Windows Xp

  • Microsoft Windows-nt 2008

  • Microsoft Windows-nt Vista

  • Microsoft Windows-nt Xp


References

CERT - TA08-225A

MS - MS08-049

SECUNIA - 31417

VUPEN - ADV-2008-2353

SECTRACK - 1020677

BID - 30586

HP - SSRT080117

HP - HPSBST02360


Last Updated: 27 May 2016 10:47:28