CVE-2008-1446
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
Desbordamiento de entero en la extensión Internet Printing Protocol (IPP) ISAPI en Microsoft Internet Information Services (IIS) v5.0 hasta v7.0 en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008, permite a atacantes remotos autenticados ejecutar código arbitrario a través de un petición HTTP POST que dispara un conexión IPP de salida desde un servidor Web a la máquina manejada por el atacante, también conocida como "Vulnerabilidad de servicio por Desbordamiento de entero en IPP".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-21 CVE Reserved
- 2008-10-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/32248 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/793233 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/31682 | Third Party Advisory | |
| http://www.securitytracker.com/id?1021048 | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2813 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45545 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45548 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062 | 2020-11-23 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | 2020-11-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | - | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | - | sp2, itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | - | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, professional |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, professional, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Information Services Search vendor "Microsoft" for product "Internet Information Services" | >= 5.0 <= 7.0 Search vendor "Microsoft" for product "Internet Information Services" and version " >= 5.0 <= 7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp3, professional |
Safe
|