Lucene search

[email protected]CVE-2008-4269

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4269

2008-12-1014:00:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4269

windows vista

server 2008

windows search

parsing vulnerability

nvd

microsoft windows

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka “Windows Search Parsing Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2008

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_vistax64

microsoftwindows_vistagold

microsoftwindows_vistasp1

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*

References

secunia.com/advisories/33053

www.securitytracker.com/id?1021366

www.us-cert.gov/cas/techalerts/TA08-344A.html

www.vupen.com/english/advisories/2008/3387

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6110

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON

Related for CVE-2008-4269

prion1 nvd1 seebug1 saint4 checkpoint_advisories1 cvelist1 nessus1 securityvulns2 openvas2