Back to KEVs

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 25, 2008
Published Date
October 23, 2008
Last Updated
August 07, 2024
Vendor
Microsoft
Product
Windows
Description
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Tags
windows

CVSS Scores

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2008-10-23 21:00:00 UTC) Source

References

http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://secunia.com/advisories/32326 http://www.kb.cert.org/vuls/id/827267 http://www.securitytracker.com/id?1021091 https://www.exploit-db.com/exploits/7132 https://www.exploit-db.com/exploits/6841 http://www.securityfocus.com/bid/31874 http://marc.info/?l=bugtraq&m=122703006921213&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 http://blogs.securiteam.com/index.php/archives/1150 https://www.exploit-db.com/exploits/6824 http://www.vupen.com/english/advisories/2008/2902 https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 http://www.securityfocus.com/archive/1/497808/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA08-297A.html https://www.exploit-db.com/exploits/7104 http://www.us-cert.gov/cas/techalerts/TA09-088A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 http://www.securityfocus.com/archive/1/497816/100/0/threaded

Known Exploited Vulnerability Information

Source Added Date
CVE 2008-10-23 21:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel