Lucene search

[email protected]NVD:CVE-2008-2547

HistoryJun 04, 2008 - 7:32 p.m.

CVE-2008-2547

2008-06-0419:32:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.

Affected configurations

NVD

Node

microsoftwindows_installer

microsoftwindows_installerMatch3.1.4000.1823

microsoftwindows_installerMatch4.5.6001.22159

References

www.aushack.com/200806-msiexec.txt

www.securityfocus.com/archive/1/492961/100/0/threaded

www.securityfocus.com/archive/1/492986/100/0/threaded

www.securityfocus.com/archive/1/492992/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/42887

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for NVD:CVE-2008-2547

cvelist1 prion1 cve1