Lucene search

[email protected]CVE-2008-0951

HistoryMar 24, 2008 - 10:44 p.m.

CVE-2008-0951

2008-03-2422:44:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-0951

security vulnerability

microsoft windows vista

nodrivetypeautorun

registry

autorun.inf

u3-enabled usb

autorun

autoplay

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.279 Low

EPSS

Percentile

96.8%

JSON

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*

References

secunia.com/advisories/29458

www.kb.cert.org/vuls/id/889747

www.securityfocus.com/bid/28360

www.securitytracker.com/id?1020446

www.vupen.com/english/advisories/2008/0954/references

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038

exchange.xforce.ibmcloud.com/vulnerabilities/41349

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.279 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2008-0951

prion2 cert1 openvas2 cve1 securityvulns1