CVE Vulnerability

CVE-2008-4269

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securitytracker.com/id?1021366
http://www.us-cert.gov/cas/techalerts/TA08-344A.html US Government Resource
http://secunia.com/advisories/33053
http://www.vupen.com/english/advisories/2008/3387
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6110
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
Information

Published : 2008-12-10 02:00

Updated : 2018-10-12 09:48

NVD link : CVE-2008-4269

Mitre link : CVE-2008-4269

Products Affected
No products.
CWE
CWE-399