Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4250

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4250
Last Modified 30 Oct 2012 11:04:11
Published 23 Oct 2008 06:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4250

Summary

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

CERT - TA09-088A

CERT - TA08-297A

CERT-VN - VU#827267

BID - 31874

MS - MS08-067

SECUNIA - 32326

XF - win-server-rpc-code-execution(46040)

VUPEN - ADV-2008-2902

SECTRACK - 1021091

BUGTRAQ - 20081027 Windows RPC MS08-067 FAQ document updated

BUGTRAQ - 20081026 Windows RPC MS08-067 FAQ document released

MILW0RM - 7132

MILW0RM - 7104

MILW0RM - 6841

MILW0RM - 6824

MISC - http://blogs.securiteam.com/index.php/archives/1150

HP - SSRT080164

HP - HPSBST02386


Last Updated: 27 May 2016 11:01:21