Lucene search

[email protected]NVD:CVE-2008-3648

HistoryAug 12, 2008 - 11:41 p.m.

CVE-2008-3648

2008-08-1223:41:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.149

Percentile

95.9%

JSON

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.

Affected configurations

Nvd

Node

microsoftwindows_xpsp2

VendorProductVersionCPE
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

References

packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt

www.nullcode.com.ar/ncs/crash/nsloo.htm

www.securityfocus.com/bid/30636

www.securitytracker.com/id?1020711

exchange.xforce.ibmcloud.com/vulnerabilities/44423

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.149

Percentile

95.9%

JSON

Related for NVD:CVE-2008-3648

prion1 cvelist1 openvas2 cve1