9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.224 Low
EPSS
Percentile
96.0%
Name | ms08_049 |
---|---|
CVE | CVE-2008-1457 Exploit Pack |
VENDOR: Microsoft | |
Notes: Due to the fact that the svchost.exe instance where the EventSystem service is running is DEP protected, and that all loaded DLLs have GS cookies and SafeSEH enabled, the stack overflow can only be exploit when DEP is AlwaysOff (at least at the current state of our knowledge) | |
Repeatability: One Shot | |
MSRC: http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx | |
MSADV: MS08-049 | |
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1457 | |
Date public: 08/12/2008 | |
CVSS: 9.0 |