Lucene search

[email protected]CVE-2008-1451

HistoryJun 12, 2008 - 2:32 a.m.

CVE-2008-1451

2008-06-1202:32:00

CWE-20

[email protected]

web.nvd.nist.gov

wins service

microsoft windows

privilege escalation

network packets

vulnerability

cve-2008-1451

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka “Memory Overwrite Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000Match-sp4

microsoftwindows_2003_serverMatch-sp1

microsoftwindows_2003_serverMatch-sp2

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq-
microsoft:windows_2003_servermicrosoft windows 2003 servereq-

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:windows_2003_server	microsoft windows 2003 server	eq	-

References

secunia.com/advisories/30584

securitytracker.com/id?1020228

www.securityfocus.com/bid/29588

www.us-cert.gov/cas/techalerts/TA08-162B.html

www.vupen.com/english/advisories/2008/1781

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-034

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5582

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2008-1451

checkpoint_advisories1 securityvulns2 prion1 cvelist1 canvas1 nessus1 nvd1 seebug1