Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4299

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4299
Last Modified 29 Jan 2009 01:55:58
Published 29 Sep 2008 01:17:29
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4299

Summary

A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Vulnerable Systems

Application

  • Microsoft Internet Authentication Service Helper Com Component


References

XF - ias-helpercom-dos(45556)

BUGTRAQ - 20080924 IAS Helper COM Component (iashlpr.dll) activex remote DOS

SREASON - 4323


Last Updated: 27 May 2016 10:48:27