CVE Reference: CVE-2008-4250

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-4250

Description:
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/46040

ST
  1021091

SAID
  Secunia Advisory: SA32326

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6093

MS
  http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

MISC
  http://blogs.securiteam.com/index.php/archives/1150

MILW0RM
  http://www.milw0rm.com/exploits/7132
  http://www.milw0rm.com/exploits/7104
  http://www.milw0rm.com/exploits/6841
  http://www.milw0rm.com/exploits/6824

HP
  http://marc.info/?l=bugtraq&m=122703006921213&w=2

CERT-VN
  827267

CERT
  http://www.us-cert.gov/cas/techalerts/TA09-088A.html
  http://www.us-cert.gov/cas/techalerts/TA08-297A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/497816/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/497808/100/0/threaded

BID
  31874


Return to the previous page.