CVE-2008-4835

2009-01-1422:30:00

CWE-94

[email protected]

web.nvd.nist.gov

smb

server service

microsoft windows

remote code execution

vulnerability

nvd

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.898 High

EPSS

Percentile

98.8%

JSON

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified “fields inside the SMB packets” in an NT Trans2 request, related to “insufficiently validating the buffer size,” aka “SMB Validation Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*