Vulnerability Name: CVE-2008-4250 (CCN-46040)

Assigned: 2008-10-23
Published: 2008-10-23
Updated: 2022-02-09
Summary: The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
  10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:

Source: MISC
Type: Permissions Required
http://blogs.securiteam.com/index.php/archives/1150

Source: MITRE
Type: CNA
CVE-2008-4250

Source: HP
Type: Issue Tracking, Mailing List, Third Party Advisory
SSRT080164

Source: CCN
Type: SA32326
Microsoft Windows Server Service Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
32326

Source: CCN
Type: SECTRACK ID: 1021091
Windows Server Service RPC Processing Bug Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-427
MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution (958644)

Source: CCN
Type: NORTEL BULLETIN ID: 2008009147, Rev 2
Nortel Response to Microsoft Security Bulletin MS08-067

Source: CCN
Type: Microsoft Security Bulletin MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)

Source: CCN
Type: Microsoft Security Bulletin MS16-087
Security Update for the Microsoft Print Spooler (3170005)

Source: CCN
Type: US-CERT VU#827267
Microsoft Server service RPC stack buffer overflow vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#827267

Source: CCN
Type: Microsoft Security Bulletin MS08-067
Vulnerability in Server Service Could Allow Remote Code Execution (958644)

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20081026 Windows RPC MS08-067 FAQ document released

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20081027 Windows RPC MS08-067 FAQ document updated

Source: BID
Type: Exploit, Patch, Third Party Advisory, VDB Entry
31874

Source: CCN
Type: BID-31874
Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1021091

Source: CERT
Type: Third Party Advisory, US Government Resource
TA08-297A

Source: CERT
Type: Third Party Advisory, US Government Resource
TA09-088A

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2902

Source: MS
Type: Patch, Vendor Advisory
MS08-067

Source: XF
Type: Third Party Advisory, VDB Entry
win-server-rpc-code-execution(46040)

Source: XF
Type: UNKNOWN
win-server-rpc-code-execution(46040)

Source: CCN
Type: NMAP Web site
File smb-vuln-conficker

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6093

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-21-2011]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
6824

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
6841

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
7104

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
7132

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
  • OR cpe:/o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
  • OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:::x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_vista:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:6093 | V | Server Service Vulnerability | 2011-11-07