CVE-2008-3466
Microsoft Host Integration Server 2006 Command Execution
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Microsoft Host Integration Server (HIS) 2000, 2004 y 2006 no limita el acceso RPC a funciones administrativas, lo que permite a atacantes remotos evitar la autentificación y ejecutar código de su elección mediante un mensaje SNA RPC, también conocido como "HIS Command Execution Vulnerability (Vulnerabilidad de Ejecución de Comandos HIS)".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-08-04 CVE Reserved
- 2008-10-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745 | Third Party Advisory | |
| http://www.securitytracker.com/id?1021043 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2810 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/31620 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32233 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Host Integration Server 2000 Search vendor "Microsoft" for product "Host Integration Server 2000" | * | client |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2000 Search vendor "Microsoft" for product "Host Integration Server 2000" | * | sp2, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2004 Search vendor "Microsoft" for product "Host Integration Server 2004" | * | client |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2004 Search vendor "Microsoft" for product "Host Integration Server 2004" | * | server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2004 Search vendor "Microsoft" for product "Host Integration Server 2004" | * | sp1, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2006 Search vendor "Microsoft" for product "Host Integration Server 2006" | * | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Host Integration Server 2006 Search vendor "Microsoft" for product "Host Integration Server 2006" | * | x86 |
Affected
| ||||||