7.1

CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.59% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

http://www.us-cert.gov/cas/techalerts/TA08-162B.html
Third Party Advisory
US Government Resource
Broken Link
http://secunia.com/advisories/30587
Vendor Advisory
Broken Link
Permissions Required
http://securitytracker.com/id?1020230
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/29508
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2008/1783
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473
Broken Link