7.1

CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 50.59% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

http://www.us-cert.gov/cas/techalerts/TA08-162B.html
Third Party Advisory
US Government Resource
Broken Link
http://secunia.com/advisories/30587
Vendor Advisory
Broken Link
Permissions Required
http://securitytracker.com/id?1020230
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/29508
Patch
Third Party Advisory
Broken Link
VDB Entry