10
CVE-2008-3479
- EPSS 44.47%
- Veröffentlicht 15.10.2008 00:12:15
- Zuletzt bearbeitet 16.06.2026 22:55:54
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.47% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
http://secunia.com/advisories/32260
http://www.securityfocus.com/bid/31637
http://www.securitytracker.com/id?1021052
http://www.vupen.com/english/advisories/2008/2816
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065
https://exchange.xforce.ibmcloud.com/vulnerabilities/45537
https://exchange.xforce.ibmcloud.com/vulnerabilities/45538
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5998