7.1
CVE-2008-1440
- EPSS 22.59%
- Veröffentlicht 12.06.2008 02:32:00
- Zuletzt bearbeitet 16.06.2026 22:51:44
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 22.59% | 0.974 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
http://secunia.com/advisories/30587
http://securitytracker.com/id?1020230
http://www.securityfocus.com/bid/29508
http://www.vupen.com/english/advisories/2008/1783
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473