CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
100.0%
Added: 10/24/2008
CVE: CVE-2008-4250
BID: 31874
OSVDB: 49243
The Windows Server service supports file, print, and named-pipe sharing over the network.
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.
Apply the patch referenced in Microsoft Security Bulletin 08-067.
<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>
Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.
Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2