CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*

Information

Published : 2008-10-23 10:00

Updated : 2022-02-09 02:36


NVD link : CVE-2008-4250

Mitre link : CVE-2008-4250

Products Affected
No products.
CWE