CVE-2008-4250

Vulnerability Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://blogs.securiteam.com/index.php/archives/1150Permissions Required
• http://marc.info/?l=bugtraq&m=122703006921213&w=2Issue TrackingMailing ListThird Party Advisory
• http://secunia.com/advisories/32326PatchVendor Advisory
• http://www.kb.cert.org/vuls/id/827267Third Party AdvisoryUS Government Resource
• http://www.securityfocus.com/archive/1/497808/100/0/threadedThird Party AdvisoryVDB EntryBroken Link
• http://www.securityfocus.com/archive/1/497816/100/0/threadedThird Party AdvisoryVDB EntryBroken Link
• http://www.securityfocus.com/bid/31874ExploitPatchThird Party Advisory
• http://www.securitytracker.com/id?1021091Third Party AdvisoryVDB EntryBroken Link
• http://www.us-cert.gov/cas/techalerts/TA08-297A.htmlThird Party AdvisoryUS Government ResourceBroken Link
• http://www.us-cert.gov/cas/techalerts/TA09-088A.htmlThird Party AdvisoryUS Government Resource
• http://www.vupen.com/english/advisories/2008/2902Vendor Advisory
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-06PatchVendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46040Third Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party AdvisoryBroken Link
• https://www.exploit-db.com/exploits/6824ExploitThird Party AdvisoryVDB Entry