CVE-2008-1446 — HIGH (9.0) — White Hats Nepal

Q: How severe is CVE-2008-1446?

CVE-2008-1446 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1446?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Xp.

Vulnerability Description

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Microsoft	Internet Information Services	>= 5.0, <= 7.0
Microsoft	Windows 2000	-
Microsoft	Windows Server 2003	-
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-190

References

http://marc.info/?l=bugtraq&m=122479227205998&w=2Issue TrackingThird Party Advisory
http://secunia.com/advisories/32248Third Party Advisory
http://www.kb.cert.org/vuls/id/793233Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/31682Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1021048Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2008/2813Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-06PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45545Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45548Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://marc.info/?l=bugtraq&m=122479227205998&w=2Issue TrackingThird Party Advisory
http://secunia.com/advisories/32248Third Party Advisory
http://www.kb.cert.org/vuls/id/793233Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/31682Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-1446?

CVE-2008-1446 is a vulnerability with a CVSS score of 9.0 (HIGH). Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, ...

How severe is CVE-2008-1446?

CVE-2008-1446 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1446?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Xp.