Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-4037
HistoryNov 12, 2008 - 11:30 p.m.

CVE-2008-4037

2008-11-1223:30:02
CWE-287
[email protected]
web.nvd.nist.gov
71
cve-2008-4037
microsoft
windows
ntlm
smb
remote code execution
vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka “SMB Credential Reflection Vulnerability.” NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

Affected configurations

NVD
Node
microsoftwindowsMatchserver_2003sp1
OR
microsoftwindowsMatchserver_2003sp1itanium
OR
microsoftwindowsMatchserver_2003sp2
OR
microsoftwindowsMatchserver_2003sp2itanium
OR
microsoftwindowsMatchserver_2003sp2x64
OR
microsoftwindowsMatchserver_2003unknownx64
OR
microsoftwindowsMatchxpsp2
OR
microsoftwindowsMatchxpsp2x64
OR
microsoftwindowsMatchxpsp3
OR
microsoftwindowsMatchxpunknownx64
OR
microsoftwindows_2000Match-sp4
OR
microsoftwindows_server_2008Match-itanium
OR
microsoftwindows_server_2008Match-x32
OR
microsoftwindows_server_2008Match-x64
OR
microsoftwindows_vistaMatch-
OR
microsoftwindows_vistaMatch-x64
OR
microsoftwindows_vistaMatch-sp1

Related

cvelist 3
prion 2
nvd 3
openvas 3
checkpoint_advisories 1
securityvulns 3
seebug 1
saint 4
nessus 2
packetstorm 1
cve 2
cvelist
cvelist
CVE-2008-4037
2008-11-12 23:00:00
CVE-2000-0834
2001-01-22 05:00:00
CVE-2009-1930
2009-08-12 17:00:00
prion
prion
Design/Logic Flaw
2008-11-12 23:30:00
Design/Logic Flaw
2009-08-12 17:30:00
nvd
nvd
CVE-2008-4037
2008-11-12 23:30:02
CVE-2000-0834
2000-11-14 05:00:00
CVE-2009-1930
2009-08-12 17:30:00
openvas
openvas
SMB Could Allow Remote Code Execution Vulnerability (957097)
2008-11-12 00:00:00
SMB Could Allow Remote Code Execution Vulnerability (957097)
2008-11-12 00:00:00
Nmap NSE 6.01: smb-security-mode
2013-02-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Credential Reflection Remote Code Execution (MS08-068; CVE-2008-4037)
2008-11-11 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-068 – Important Vulnerability in SMB Could Allow Remote Code Execution (957097)
2008-11-12 00:00:00
Microsoft fixed SMB NTLM relay attacks
2011-04-26 00:00:00
Microsoft Office multiple security vulnerabilities
2008-12-11 00:00:00
seebug
seebug
Microsoft Windows SMB凭据反射漏洞(MS08-068)
2008-11-13 00:00:00
saint
saint
Windows SMB credential reflection vulnerability
2009-05-07 00:00:00
Windows SMB credential reflection vulnerability
2009-05-07 00:00:00
Windows SMB credential reflection vulnerability
2009-05-07 00:00:00
nessus
nessus
MS08-068: Vulnerability in SMB Could Allow Remote Code Execution (957097)
2008-11-12 00:00:00
MS00-067: Telnet Client NTLM Authentication Vulnerability (272743)
2000-09-25 00:00:00
packetstorm
packetstorm
Microsoft Windows SMB Relay Code Execution
2009-11-26 00:00:00
cve
cve
CVE-2000-0834
2001-01-22 05:00:00
CVE-2009-1930
2009-08-12 17:30:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON
Related for CVE-2008-4037
cvelist3prion2nvd3openvas3checkpoint_advisories1securityvulns3seebug1saint4nessus2packetstorm1cve2