10
CVE-2008-3466
- EPSS 84.72%
- Published 15.10.2008 00:12:15
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Host Integration Server 2000 SwEditionclient
Microsoft ≫ Host Integration Server 2000 Updatesp2 SwEditionserver
Microsoft ≫ Host Integration Server 2004 SwEditionclient
Microsoft ≫ Host Integration Server 2004 SwEditionserver
Microsoft ≫ Host Integration Server 2004 Updatesp1 SwEditionserver
Microsoft ≫ Host Integration Server 2006 HwPlatformx64
Microsoft ≫ Host Integration Server 2006 HwPlatformx86
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 84.72% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.