CVE-2008-4250
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
View on NVDAnalysis
Microsoft Windows contains a critical pre-authentication remote code execution (RCE) vulnerability in the Server service. An attacker can gain full control of the system via a crafted RPC request; this specific flaw was famously used by the Conficker worm and remains on the CISA KEV list.
Relevant roles
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCWE-94CWE-119CISA KEV
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS
Affects
microsoft:windows_2000microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xpTechnical description
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
References
- http://blogs.securiteam.com/index.php/archives/1150
- http://marc.info/?l=bugtraq&m=122703006921213&w=2
- http://secunia.com/advisories/32326
- http://www.kb.cert.org/vuls/id/827267
- http://www.securityfocus.com/archive/1/497808/100/0/threaded
- http://www.securityfocus.com/archive/1/497816/100/0/threaded
- http://www.securityfocus.com/bid/31874
- http://www.securitytracker.com/id?1021091