9
CVE-2008-1457
- EPSS 54.93%
- Published 13.08.2008 12:42:00
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows-nt Version2008
Microsoft ≫ Windows-nt Versionvista Editiongold
Microsoft ≫ Windows-nt Versionxp Updatesp3
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 54.93% | 0.98 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.