CVE-2008-4037
7.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.116 Low
EPSS
Percentile
95.2%
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka “SMB Credential Reflection Vulnerability.” NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
References
marc.info/?l=bugtraq&m=122703006921213&w=2
osvdb.org/49736
secunia.com/advisories/32633
securitytracker.com/id?1021163
www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html
www.securityfocus.com/bid/7385
www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch
www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README
www.us-cert.gov/cas/techalerts/TA08-316A.html
www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/
www.vupen.com/english/advisories/2008/3110
www.xfocus.net/articles/200305/smbrelay.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012
www.exploit-db.com/exploits/7125
Related
7.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.116 Low
EPSS
Percentile
95.2%