Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:05193C6EDE76EF045B25B16DEC1AC969
HistoryOct 24, 2008 - 12:00 a.m.

Windows Server Service buffer overflow MS08-067

2008-10-2400:00:00
SAINT Corporation
download.saintcorporation.com
8

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Added: 10/24/2008
CVE: CVE-2008-4250
BID: 31874
OSVDB: 49243

Background

The Windows Server service supports file, print, and named-pipe sharing over the network.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-067.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx&gt;

Limitations

Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.

Platforms

Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2

Related

checkpoint_advisories 3
seebug 2
canvas 1
nessus 3
attackerkb 1
openvas 9
cert 1
saint 3
securityvulns 3
cve 1
prion 1
zdt 1
huawei 1
ics 1
nmap 1
trendmicroblog 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)
2017-04-27 00:00:00
Microsoft Windows Server Service RPC Request Buffer Overflow (MS08-067; CVE-2008-4250)
2008-10-23 00:00:00
Microsoft RPC Services Path Canonicalization Remote Code Execution (CVE-2008-4250)
2013-07-21 00:00:00
seebug
seebug
Windows ms08-067 缓冲区溢出漏洞
2012-10-15 00:00:00
Windows Server服务RPC请求缓冲区溢出漏洞(MS08-067)
2008-10-24 00:00:00
canvas
canvas
Immunity Canvas: MS08_067
2008-10-23 22:00:00
nessus
nessus
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
2008-10-23 00:00:00
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)
2008-10-23 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
attackerkb
attackerkb
Microsoft RPC Code Execution MS08-067
2020-04-13 00:00:00
openvas
openvas
Conficker Detection
2009-04-17 00:00:00
Server Service Could Allow Remote Code Execution Vulnerability (958644)
2008-10-24 00:00:00
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
2008-10-30 00:00:00
cert
cert
Microsoft Server service RPC stack buffer overflow vulnerability
2008-10-23 00:00:00
saint
saint
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA08-297A -- Microsoft Windows Server Service RPC Vulnerability
2008-10-24 00:00:00
Microsoft Windows code execution
2008-11-04 00:00:00
Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution &#40;958644&#41;
2008-10-24 00:00:00
cve
cve
CVE-2008-4250
2008-10-23 22:00:00
prion
prion
Design/Logic Flaw
2008-10-23 22:00:00
zdt
zdt
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit
2016-02-26 00:00:00
huawei
huawei
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service
2017-11-29 00:00:00
ics
ics
Siemens Molecular Imaging Vulnerabilities
2017-08-03 12:00:00
nmap
nmap
smb-vuln-ms08-067 NSE Script
2015-10-03 06:07:49
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for SAINT:05193C6EDE76EF045B25B16DEC1AC969
checkpoint_advisories3seebug2canvas1nessus3attackerkb1openvas9cert1saint3securityvulns3cve1prion1zdt1huawei1ics1nmap1trendmicroblog1