7.2

CVE-2008-1451

Exploit
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Version- Updatesp4
MicrosoftWindows 2003 Server Version- Updatesp1
MicrosoftWindows 2003 Server Version- Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.14% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.us-cert.gov/cas/techalerts/TA08-162B.html
US Government Resource
http://secunia.com/advisories/30584
Vendor Advisory
http://securitytracker.com/id?1020228
Patch
http://www.securityfocus.com/bid/29588
Patch
Exploit
http://www.vupen.com/english/advisories/2008/1781
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5582