9.3
CVE-2008-4037
- EPSS 59.14%
- Veröffentlicht 12.11.2008 23:30:02
- Zuletzt bearbeitet 16.06.2026 22:57:02
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Version- Updatesp4
Microsoft ≫ Windows Server 2008 Version- Editionitanium
Microsoft ≫ Windows Server 2008 Version- Editionx32
Microsoft ≫ Windows Server 2008 Version- Editionx64
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Editionx64
Microsoft ≫ Windows Vista Version- Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 59.14% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://marc.info/?l=bugtraq&m=122703006921213&w=2
http://www.us-cert.gov/cas/techalerts/TA08-316A.html
http://osvdb.org/49736
http://secunia.com/advisories/32633
http://securitytracker.com/id?1021163
http://www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html
http://www.securityfocus.com/bid/7385
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README
http://www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/
http://www.vupen.com/english/advisories/2008/3110
http://www.xfocus.net/articles/200305/smbrelay.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012
https://www.exploit-db.com/exploits/7125