CVE-2008-4250

CVSS 9.8 - CRITICAL

Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Affected Products

18

Vendor	Product	Version
microsoft	windows_2000	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2003	`-`
microsoft	windows_server_2008	`-`
microsoft	windows_server_2008	`-`
microsoft	windows_server_2008	`-`
microsoft	windows_vista	`-`
microsoft	windows_vista	`-`
microsoft	windows_vista	`-`
microsoft	windows_vista	`-`
microsoft	windows_xp	`-`
microsoft	windows_xp	`-`
microsoft	windows_xp	`-`
microsoft	windows_xp	`-`

References

http://blogs.securiteam.com/index.php/archives/115...

http://marc.info/?l=bugtraq&m=122703006921213&w=2

http://secunia.com/advisories/32326

http://www.kb.cert.org/vuls/id/827267

http://www.securityfocus.com/archive/1/497808/100/...

http://www.securityfocus.com/archive/1/497816/100/...

http://www.securityfocus.com/bid/31874

http://www.securitytracker.com/id?1021091

http://www.us-cert.gov/cas/techalerts/TA08-297A.ht...

http://www.us-cert.gov/cas/techalerts/TA09-088A.ht...

http://www.vupen.com/english/advisories/2008/2902

https://docs.microsoft.com/en-us/security-updates/...

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://oval.cisecurity.org/repository/search/defi...

https://www.exploit-db.com/exploits/6824

https://www.exploit-db.com/exploits/6841

https://www.exploit-db.com/exploits/7104

https://www.exploit-db.com/exploits/7132

http://blogs.securiteam.com/index.php/archives/115...

http://marc.info/?l=bugtraq&m=122703006921213&w=2

Weakness Types

CWE-94 CWE-119

CVE Information

CVE ID:: CVE-2008-4250
Published:: 2008-10-23
Modified:: 2026-05-21
CVSS Score:: 9.8
Severity:: CRITICAL
Vector:: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

microsoft

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL