Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4300

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4300
Last Modified 29 Jan 2009 01:55:58
Published 29 Sep 2008 01:17:29
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4300

Summary

A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Vulnerable Systems

Application

  • Microsoft Iis


References

XF - iis-adsiis-activex-dos(45584)

BUGTRAQ - 20080924 Internet Information Service (adsiis.dll) activex remote DOS

SREASON - 4325


Last Updated: 27 May 2016 10:48:27