Lucene search

K

[email protected]NVD:CVE-2008-4269

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4269

2008-12-1014:00:01

CWE-399

[email protected]

web.nvd.nist.gov

3

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.948

Percentile

99.3%

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka “Windows Search Parsing Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_server_2008

OR

microsoftwindows_server_2008itanium

OR

microsoftwindows_server_2008x32

OR

microsoftwindows_server_2008x64

OR

microsoftwindows_vistax64

OR

microsoftwindows_vistagold

OR

microsoftwindows_vistasp1

References

secunia.com/advisories/33053

www.securitytracker.com/id?1021366

www.us-cert.gov/cas/techalerts/TA08-344A.html

www.vupen.com/english/advisories/2008/3387

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6110

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.948

Percentile

99.3%

Related for NVD:CVE-2008-4269

saint4 prion1 seebug1 cve1 checkpoint_advisories1 cvelist1 nessus1 securityvulns2 openvas2