Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4835

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4835
Last Modified 07 Mar 2011 10:13:22
Published 14 Jan 2009 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4835

Summary

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

CERT - TA09-013A

MS - MS09-001

MISC - http://www.zerodayinitiative.com/advisories/ZDI-09-002/

VUPEN - ADV-2009-0116

SECTRACK - 1021560

BID - 33122

BUGTRAQ - 20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability


Last Updated: 27 May 2016 10:48:38