Vulnerability Name: | CVE-2008-1451 (CCN-42683) | ||||||||
Assigned: | 2008-06-10 | ||||||||
Published: | 2008-06-10 | ||||||||
Updated: | 2018-10-30 | ||||||||
Summary: | The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2008-1451 Source: CCN Type: HP Security Bulletin HPSBST02344 SSRT080087 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036 Source: CCN Type: SA30584 Microsoft Windows WINS Privilege Escalation Vulnerability Source: SECUNIA Type: Vendor Advisory 30584 Source: CCN Type: SECTRACK ID: 1020228 Microsoft WINS Data Structure Validation Bug Lets Local Users Gain Elevated Privileges Source: SECTRACK Type: Patch 1020228 Source: CCN Type: ASA-2008-239 MS08-034 Vulnerability in WINS Could Allow Elevation of Privilege (948745) Source: CCN Type: NORTEL BULLETIN ID: 2008008891, Rev 1 Centrex IP Client Manager (CICM) response to Microsoft June security bulletin Source: CCN Type: Microsoft Security Bulletin MS08-034 Vulnerability in WINS Could Allow Elevation of Privilege (948745) Source: CCN Type: Microsoft Security Bulletin MS09-008 Vulnerabilities in DNS and WINS server could allow Spoofing (962238) Source: BID Type: Exploit, Patch 29588 Source: CCN Type: BID-29588 Microsoft Windows WINS Server Local Privilege Escalation Vulnerability Source: CERT Type: US Government Resource TA08-162B Source: VUPEN Type: UNKNOWN ADV-2008-1781 Source: MS Type: UNKNOWN MS08-034 Source: XF Type: UNKNOWN wins-packet-code-execution(42683) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5582 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |