Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4800


Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4800
Last Modified 29 Jan 2009 01:57:29
Published 30 Oct 2008 08:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Vulnerable Systems


  • Microsoft Debug Diagnostic Tool


XF - debugdiagnostic-debugdiag-dos(46309)

BID - 31996

BUGTRAQ - 20081030 DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference

SREASON - 4532

Last Updated: 27 May 2016 10:48:38