CVE-2008-4114
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
7.4 High
AI Score
Confidence
High
0.111 Low
EPSS
Percentile
95.2%
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to “insufficiently validating the buffer size,” as demonstrated by a request to the \PIPE\lsarpc named pipe, aka “SMB Validation Denial of Service Vulnerability.”
Affected configurations
References
secunia.com/advisories/31883
www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1
www.securityfocus.com/archive/1/496354/100/0/threaded
www.securityfocus.com/bid/31179
www.securitytracker.com/id?1020887
www.us-cert.gov/cas/techalerts/TA09-013A.html
www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm
www.vupen.com/english/advisories/2008/2583
docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
exchange.xforce.ibmcloud.com/vulnerabilities/45146
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044
www.exploit-db.com/exploits/6463
Related
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
7.4 High
AI Score
Confidence
High
0.111 Low
EPSS
Percentile
95.2%