Vulnerability Description
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30587Broken LinkPermissions RequiredVendor Advisory
- http://securitytracker.com/id?1020230Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/29508Broken LinkPatchThird Party Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlBroken LinkThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1783Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-03PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
- http://secunia.com/advisories/30587Broken LinkPermissions RequiredVendor Advisory
- http://securitytracker.com/id?1020230Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/29508Broken LinkPatchThird Party Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlBroken LinkThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1783Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-03PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
FAQ
What is CVE-2008-1440?
CVE-2008-1440 is a vulnerability with a CVSS score of 7.1 (HIGH). Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a...
How severe is CVE-2008-1440?
CVE-2008-1440 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1440?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2003, Microsoft Windows Xp.