CVE-2008-3479
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
El servicio Microsoft Message Queuing (MSMQ) en Microsoft Windows 2000 SP4 no valida correctamente los parámetros a string APIs, lo que permite a atacantes remotos ejecutar código de su elección mediante una llamada RPC manipulada que desborda una "petición de montículo" también conocida como "Message Queuing Service Remote Code Execution Vulnerability (Vulnerabilidad de Ejecución de Código Remoto en essage Queuing Service)".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-04 CVE Reserved
- 2008-10-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1021052 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-288A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2816 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45537 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45538 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5998 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://dvlabs.tippingpoint.com/advisory/TPTI-08-07 | 2018-10-12 | |
| http://secunia.com/advisories/32260 | 2018-10-12 | |
| http://www.securityfocus.com/bid/31637 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122479227205998&w=2 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
| ||||||