Lucene search

K

[email protected]NVD:CVE-2008-1440

HistoryJun 12, 2008 - 2:32 a.m.

CVE-2008-1440

2008-06-1202:32:00

CWE-1284

[email protected]

web.nvd.nist.gov

4

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.3

Confidence

High

EPSS

0.053

Percentile

93.1%

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the “PGM Invalid Length Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_server_2003sp1

OR

microsoftwindows_server_2003Match-sp2

OR

microsoftwindows_xpsp2

OR

microsoftwindows_xpsp3

References

secunia.com/advisories/30587

securitytracker.com/id?1020230

www.securityfocus.com/bid/29508

www.us-cert.gov/cas/techalerts/TA08-162B.html

www.vupen.com/english/advisories/2008/1783

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.3

Confidence

High

EPSS

0.053

Percentile

93.1%

Related for NVD:CVE-2008-1440

cvelist1 cve1 checkpoint_advisories1 prion1 openvas2 securityvulns2 nessus1 seebug1