Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:445F1CAC-C379-466A-AB3A-36C33D2AA1F5
HistoryApr 13, 2020 - 12:00 a.m.

Microsoft RPC Code Execution MS08-067

2020-04-1300:00:00
attackerkb.com
233

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka “Server Service Vulnerability.”

Recent assessments:

busterb at September 17, 2019 6:10pm UTC reported:

A classic vulnerability. Like small pox, you’d wish it was actually eradicated by now, but it still pops up occasionally in legacy systems.

jorgeorchilles at April 11, 2020 4:59pm UTC reported:

A classic vulnerability. Like small pox, you’d wish it was actually eradicated by now, but it still pops up occasionally in legacy systems.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

References

Related

openvas 9
prion 1
securityvulns 3
checkpoint_advisories 3
saint 4
nessus 3
cve 1
cert 1
seebug 2
canvas 1
zdt 1
cvelist 1
huawei 1
ics 1
nmap 1
trendmicroblog 1
openvas
openvas
Server Service Could Allow Remote Code Execution Vulnerability (958644)
2008-10-24 00:00:00
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
2008-10-30 00:00:00
Huawei Data Communication: Remote Code Execution Vulnerability in Microsoft Windows Server Service (huawei-sa-20171129-01-windows)
2020-06-05 00:00:00
prion
prion
Design/Logic Flaw
2008-10-23 22:00:00
securityvulns
securityvulns
Microsoft Windows code execution
2008-11-04 00:00:00
US-CERT Technical Cyber Security Alert TA08-297A -- Microsoft Windows Server Service RPC Vulnerability
2008-10-24 00:00:00
Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution (958644)
2008-10-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Server Service RPC Request Buffer Overflow (MS08-067; CVE-2008-4250)
2008-10-23 00:00:00
Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)
2017-04-27 00:00:00
Microsoft RPC Services Path Canonicalization Remote Code Execution (CVE-2008-4250)
2013-07-21 00:00:00
saint
saint
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
nessus
nessus
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)
2008-10-23 00:00:00
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
2008-10-23 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
cve
cve
CVE-2008-4250
2008-10-23 22:00:00
cert
cert
Microsoft Server service RPC stack buffer overflow vulnerability
2008-10-23 00:00:00
seebug
seebug
Windows ms08-067 缓冲区溢出漏洞
2012-10-15 00:00:00
Windows Server服务RPC请求缓冲区溢出漏洞(MS08-067)
2008-10-24 00:00:00
canvas
canvas
Immunity Canvas: MS08_067
2008-10-23 22:00:00
zdt
zdt
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit
2016-02-26 00:00:00
cvelist
cvelist
CVE-2008-4250
2008-10-23 21:00:00
huawei
huawei
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service
2017-11-29 00:00:00
ics
ics
Siemens Molecular Imaging Vulnerabilities
2017-08-03 12:00:00
nmap
nmap
smb-vuln-ms08-067 NSE Script
2015-10-03 06:07:49
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for AKB:445F1CAC-C379-466A-AB3A-36C33D2AA1F5
openvas9prion1securityvulns3checkpoint_advisories3saint4nessus3cve1cert1seebug2canvas1zdt1cvelist1huawei1ics1nmap1trendmicroblog1