CVE Vulnerability

CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

7.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.us-cert.gov/cas/techalerts/TA08-162B.html Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/29508 Patch
http://securitytracker.com/id?1020230 Third Party Advisory VDB Entry
http://secunia.com/advisories/30587 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2008/1783 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
Information

Published : 2008-06-12 02:32

Updated : 2018-10-12 09:45

NVD link : CVE-2008-1440

Mitre link : CVE-2008-1440

Products Affected
No products.
CWE
CWE-20