8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.946 High
EPSS
Percentile
99.2%
Added: 12/11/2008
CVE: CVE-2008-4269
BID: 32652
OSVDB: 50566
The search-ms protocol allows applications to query the Windows Search index.
A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments to Windows Explorer.
Apply the patch referenced in Microsoft Security Bulletin 08-075.
<http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx>
Exploit works on Windows Vista SP0 and requires the target to have access to the specified share.
Before this exploit can succeed, the /exploit.exe file must be downloaded from the exploit server and saved on the specified share.
Windows Vista