[email protected]CVE-2008-4269

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4269

2008-12-1014:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4269

windows vista

server 2008

windows search

parsing vulnerability

nvd

microsoft windows

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.2%

JSON

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka “Windows Search Parsing Vulnerability.”

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_server_2008microsoft windows server 2008eq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*

References

secunia.com/advisories/33053

www.securitytracker.com/id?1021366

www.us-cert.gov/cas/techalerts/TA08-344A.html

www.vupen.com/english/advisories/2008/3387

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6110

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2008-4269

prion1 saint4 seebug1 checkpoint_advisories1 securityvulns2 nessus1 openvas2