Search

Find a vulnerability

Search criteria

    33 vulnerabilities found for windows-nt by microsoft

    VAR-200804-0154

    Vulnerability from variot - Updated: 2025-04-10 23:19

    Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple QuickTime is prone to an unspecified remote code-execution vulnerability. Very few technical details are currently available. We will update this BID as more information emerges. Successful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application. This may facilitate a compromise of affected computers. This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200804-0154",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "quicktime",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "*"
          },
          {
            "model": "quicktime",
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "vista sp11"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "sp3 sp2"
          },
          {
            "model": "windows vista",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows-nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "vista"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "sp2"
          },
          {
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apple:quicktime",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "pdp from GNUCITIZEN",
        "sources": [
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2008-2010",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2008-2010",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-32135",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2008-2010",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2008-2010",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200804-428",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-32135",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.  NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple QuickTime is prone to an unspecified remote code-execution vulnerability. \nVery few technical details are currently available. We will update this BID as more information emerges. \nSuccessful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application.  This may facilitate a compromise of affected computers. \nThis issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-2010",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "28959",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1019950",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "42098",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-32135",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "id": "VAR-200804-0154",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T23:19:52.481000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.apple.com/quicktime/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://windows.microsoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/28959"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id?1019950"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2010"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2010"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/42098"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/quicktime/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "db": "BID",
            "id": "28959"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "date": "2008-04-28T00:00:00",
            "db": "BID",
            "id": "28959"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "date": "2008-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "date": "2008-04-30T00:10:00",
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-32135"
          },
          {
            "date": "2008-04-30T17:26:00",
            "db": "BID",
            "id": "28959"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          },
          {
            "date": "2008-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2008-2010"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Windows XP and  Vista of  Apple QuickTime Player Vulnerable to arbitrary code execution",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-003018"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200804-428"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200803-0457

    Vulnerability from variot - Updated: 2025-04-10 23:16

    The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. ----------------------------------------------------------------------

    A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

    Download and test it today: https://psi.secunia.com/

    Read more about this new version: https://psi.secunia.com/?page=changelog


    TITLE: Panda Products cpoint.sys Privilege Escalation Vulnerabilities

    SECUNIA ADVISORY ID: SA29311

    VERIFY ADVISORY: http://secunia.com/advisories/29311/

    CRITICAL: Less critical

    IMPACT: Privilege escalation, DoS

    WHERE: Local system

    SOFTWARE: Panda Internet Security 2008 http://secunia.com/product/17681/ Panda Antivirus + Firewall 2008 http://secunia.com/product/17905/

    DESCRIPTION: Tobias Klein has reported some vulnerabilities in Panda products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

    Input validation errors in the cpoint.sys driver when handling certain IOCTL requests (e.g.

    The vulnerabilities affect the following products: * Panda Internet Security 2008 * Panda Antivirus + Firewall 2008

    SOLUTION: Apply hotfix.

    Panda Internet Security 2008 (hfp120801s1.exe): http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe

    Panda Antivirus + Firewall 2008 (hft70801s1.exe): http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe

    PROVIDED AND/OR DISCOVERED BY: Tobias Klein

    ORIGINAL ADVISORY: Panda: http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp

    http://www.trapkit.de/advisories/TKADV2008-001.txt


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0457",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "internet security",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "panda",
            "version": "2008"
          },
          {
            "model": "antivirus and firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "panda",
            "version": "2008"
          },
          {
            "model": "antivirus and firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "2008"
          },
          {
            "model": "internet security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "2008"
          },
          {
            "model": "windows-nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "xp"
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "pro"
          },
          {
            "model": "windows-nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "vista"
          },
          {
            "model": "windows vista",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "model": "antivirus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "+2008"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus_and_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pandasecurity:panda_internet_security",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery is credited to Tobias Klein.",
        "sources": [
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2008-1471",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2008-1471",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-31596",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2008-1471",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2008-1471",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200803-380",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-31596",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nPanda Products cpoint.sys Privilege Escalation Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29311\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29311/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation, DoS\n\nWHERE:\nLocal system\n\nSOFTWARE:\nPanda Internet Security 2008\nhttp://secunia.com/product/17681/\nPanda Antivirus + Firewall 2008\nhttp://secunia.com/product/17905/\n\nDESCRIPTION:\nTobias Klein has reported some vulnerabilities in Panda products,\nwhich can be exploited by malicious, local users to cause a DoS\n(Denial of Service) or gain escalated privileges. \n\nInput validation errors in the cpoint.sys driver when handling\ncertain IOCTL requests (e.g. \n\nThe vulnerabilities affect the following products:\n* Panda Internet Security 2008\n* Panda Antivirus + Firewall 2008\n\nSOLUTION:\nApply hotfix. \n\nPanda Internet Security 2008 (hfp120801s1.exe):\nhttp://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe\n\nPanda Antivirus + Firewall 2008 (hft70801s1.exe):\nhttp://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nTobias Klein\n\nORIGINAL ADVISORY:\nPanda:\nhttp://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\nhttp://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\n\nhttp://www.trapkit.de/advisories/TKADV2008-001.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "PACKETSTORM",
            "id": "64344"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-31596",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-1471",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "28150",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "29311",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1019568",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0801",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "41079",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20080308 [TKADV2008-001] PANDA INTERNET SECURITY/ANTIVIRUS+FIREWALL 2008 CPOINT.SYS KERNEL DRIVER MEMORY CORRUPTION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31363",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-31596",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64344",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "PACKETSTORM",
            "id": "64344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "id": "VAR-200803-0457",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T23:16:36.980000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "20080306 41337 EN",
            "trust": 0.8,
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://www.trapkit.de/advisories/tkadv2008-001.txt"
          },
          {
            "trust": 2.0,
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026ididioma=2\u0026ref=prodexp"
          },
          {
            "trust": 2.0,
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026ididioma=2\u0026ref=prodexp"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/28150"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id?1019568"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/29311"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2008/0801/references"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1471"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1471"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/41079"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/489292/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2008/0801/references"
          },
          {
            "trust": 0.1,
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026amp;ididioma=2\u0026amp;ref=prodexp"
          },
          {
            "trust": 0.1,
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026amp;ididioma=2\u0026amp;ref=prodexp"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/17905/"
          },
          {
            "trust": 0.1,
            "url": "http://www.pandasecurity.com/resources/sop/platinum2008/hfp120801s1.exe"
          },
          {
            "trust": 0.1,
            "url": "https://psi.secunia.com/?page=changelog"
          },
          {
            "trust": 0.1,
            "url": "https://psi.secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.pandasecurity.com/resources/sop/pavf08/hft70801s1.exe"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/17681/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/29311/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "PACKETSTORM",
            "id": "64344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "db": "PACKETSTORM",
            "id": "64344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-03-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "date": "2008-03-08T00:00:00",
            "db": "BID",
            "id": "28150"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "date": "2008-03-12T17:55:23",
            "db": "PACKETSTORM",
            "id": "64344"
          },
          {
            "date": "2008-03-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "date": "2008-03-24T22:44:00",
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-31596"
          },
          {
            "date": "2015-05-07T17:32:00",
            "db": "BID",
            "id": "28150"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          },
          {
            "date": "2008-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2008-1471"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "28150"
          },
          {
            "db": "PACKETSTORM",
            "id": "64344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Panda Internet Security Such as  cpoint.sys Service disruption in drivers  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004255"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-380"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200803-0243

    Vulnerability from variot - Updated: 2025-04-10 20:22

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. Apple Safari is prone to 12 security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. NOTE: This BID is being retired. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. If users are tricked into opening malicious URLs, sensitive information may be leaked

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0243",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "safari",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "3.0.4"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "3.0.2"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "3.0.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "3.0.3"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "3.0"
          },
          {
            "model": "safari",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apple",
            "version": "version"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "3.1"
          },
          {
            "model": "safari beta for windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.4"
          },
          {
            "model": "safari beta for windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.3"
          },
          {
            "model": "safari beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.3"
          },
          {
            "model": "safari beta for windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.2"
          },
          {
            "model": "safari beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.2"
          },
          {
            "model": "safari beta for windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.1"
          },
          {
            "model": "safari beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.0.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "2.0.4"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "2.0.3"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "2.0.2"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "2.0.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.3.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.3"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.2.3"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.2.2"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.2.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.2"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.1"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "1.0"
          },
          {
            "model": "safari beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "2"
          },
          {
            "model": "safari beta for windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3"
          },
          {
            "model": "safari beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3"
          },
          {
            "model": "safari",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3"
          },
          {
            "model": "safari",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "apple",
            "version": "3.1"
          },
          {
            "model": "windows vista",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows-nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "xp"
          },
          {
            "model": "windows-nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "vista"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apple:safari",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2008-1001",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2008-1001",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-31126",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2008-1001",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2008-1001",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200803-298",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-31126",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. Apple Safari is prone to 12 security vulnerabilities. \nAttackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. \nNOTE: This BID is being retired. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nNOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. If users are tricked into opening malicious URLs, sensitive information may be leaked",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          },
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "28321",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "28290",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001",
            "trust": 2.8
          },
          {
            "db": "SECTRACK",
            "id": "1019653",
            "trust": 2.5
          },
          {
            "db": "USCERT",
            "id": "TA08-079A",
            "trust": 2.5
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0920",
            "trust": 1.7
          },
          {
            "db": "USCERT",
            "id": "SA08-079A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298",
            "trust": 0.7
          },
          {
            "db": "CERT/CC",
            "id": "TA08-079A",
            "trust": 0.6
          },
          {
            "db": "APPLE",
            "id": "APPLE-SA-2008-03-18",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "41333",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-31126",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "id": "VAR-200803-0243",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T20:22:40.454000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Safari 3.1",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT1315"
          },
          {
            "title": "Safari 3.1",
            "trust": 0.8,
            "url": "http://docs.info.apple.com/article.html?artnum=307563-ja"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/28290"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/28321"
          },
          {
            "trust": 2.5,
            "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
          },
          {
            "trust": 2.5,
            "url": "http://www.securitytracker.com/id?1019653"
          },
          {
            "trust": 2.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307563"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00000.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.frsirt.com/english/advisories/2008/0920/references"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2008/0920/references"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41333"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1001"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta08-079a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta08-079a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1001"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.apple.com/safari/"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/41333"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-03-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "date": "2008-03-18T00:00:00",
            "db": "BID",
            "id": "28290"
          },
          {
            "date": "2008-03-18T00:00:00",
            "db": "BID",
            "id": "28321"
          },
          {
            "date": "2008-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "date": "2008-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "date": "2008-03-19T00:44:00",
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-31126"
          },
          {
            "date": "2008-03-20T20:40:00",
            "db": "BID",
            "id": "28290"
          },
          {
            "date": "2008-03-20T16:00:00",
            "db": "BID",
            "id": "28321"
          },
          {
            "date": "2008-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          },
          {
            "date": "2008-10-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2008-1001"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "28290"
          },
          {
            "db": "BID",
            "id": "28321"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Windows XP and  Vista Under the environment  Apple Safari Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001187"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-298"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2008-3014 (GCVE-0-2008-3014)

    Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/31021 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020837 vdb-entryx_refsource_SECTRACK
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "31021",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31021"
              },
              {
                "name": "oval:org.mitre.oval:def:6004",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "1020837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020837"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "31021",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31021"
            },
            {
              "name": "oval:org.mitre.oval:def:6004",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020837",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020837"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "31021",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31021"
                },
                {
                  "name": "oval:org.mitre.oval:def:6004",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "1020837",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020837"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3014",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3012 (GCVE-0-2008-3012)

    Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020835 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/31019 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "oval:org.mitre.oval:def:6040",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "1020835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020835"
              },
              {
                "name": "31019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31019"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "oval:org.mitre.oval:def:6040",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020835"
            },
            {
              "name": "31019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31019"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "oval:org.mitre.oval:def:6040",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "1020835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020835"
                },
                {
                  "name": "31019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31019"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3012",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3008 (GCVE-0-2008-3008)

    Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/996227 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    http://www.securitytracker.com/id?1020832 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/31065 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/6454 exploitx_refsource_EXPLOIT-DB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2521 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#996227",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/996227"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "1020832",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020832"
              },
              {
                "name": "oval:org.mitre.oval:def:6018",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
              },
              {
                "name": "31065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31065"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "6454",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6454"
              },
              {
                "name": "MS08-053",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "VU#996227",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/996227"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020832",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020832"
            },
            {
              "name": "oval:org.mitre.oval:def:6018",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
            },
            {
              "name": "31065",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31065"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "6454",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6454"
            },
            {
              "name": "MS08-053",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2521",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3008",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#996227",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/996227"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "1020832",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020832"
                },
                {
                  "name": "oval:org.mitre.oval:def:6018",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
                },
                {
                  "name": "31065",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31065"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "6454",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6454"
                },
                {
                  "name": "MS08-053",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2521",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3008",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5348 (GCVE-0-2007-5348)

    Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020834 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.securityfocus.com/bid/31018 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "1020834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020834"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:6055",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
              },
              {
                "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
              },
              {
                "name": "31018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31018"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020834",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020834"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6055",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
            },
            {
              "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
            },
            {
              "name": "31018",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31018"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-5348",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "1020834",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020834"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:6055",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
                },
                {
                  "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
                },
                {
                  "name": "31018",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31018"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-5348",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2007-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1457 (GCVE-0-2008-1457)

    Vulnerability from nvd – Published: 2008-08-13 10:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/2353 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1020677 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/31417 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/30584 vdb-entryx_refsource_BID
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-2353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2353"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "1020677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020677"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "MS08-049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "31417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31417"
              },
              {
                "name": "oval:org.mitre.oval:def:6095",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
              },
              {
                "name": "30584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-2353",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2353"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "1020677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020677"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "MS08-049",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "31417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31417"
            },
            {
              "name": "oval:org.mitre.oval:def:6095",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
            },
            {
              "name": "30584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1457",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-2353",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2353"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "1020677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020677"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "MS08-049",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "31417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31417"
                },
                {
                  "name": "oval:org.mitre.oval:def:6095",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
                },
                {
                  "name": "30584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1457",
        "datePublished": "2008-08-13T10:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1456 (GCVE-0-2008-1456)

    Vulnerability from nvd – Published: 2008-08-13 10:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/2353 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1020677 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/30586 vdb-entryx_refsource_BID
    http://secunia.com/advisories/31417 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-2353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2353"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "1020677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020677"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "MS08-049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "30586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30586"
              },
              {
                "name": "31417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31417"
              },
              {
                "name": "oval:org.mitre.oval:def:5630",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-2353",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2353"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "1020677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020677"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "MS08-049",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "30586",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30586"
            },
            {
              "name": "31417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31417"
            },
            {
              "name": "oval:org.mitre.oval:def:5630",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-2353",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2353"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "1020677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020677"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "MS08-049",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "30586",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30586"
                },
                {
                  "name": "31417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31417"
                },
                {
                  "name": "oval:org.mitre.oval:def:5630",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1456",
        "datePublished": "2008-08-13T10:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2246 (GCVE-0-2008-2246)

    Vulnerability from nvd – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/31411 third-party-advisoryx_refsource_SECUNIA
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2008/2351 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020678 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/30634 vdb-entryx_refsource_BID
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:00.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:6060",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "31411",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31411"
              },
              {
                "name": "MS08-047",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
              },
              {
                "name": "ADV-2008-2351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2351"
              },
              {
                "name": "1020678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020678"
              },
              {
                "name": "30634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:6060",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "31411",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31411"
            },
            {
              "name": "MS08-047",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
            },
            {
              "name": "ADV-2008-2351",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2351"
            },
            {
              "name": "1020678",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020678"
            },
            {
              "name": "30634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-2246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:6060",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "31411",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31411"
                },
                {
                  "name": "MS08-047",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
                },
                {
                  "name": "ADV-2008-2351",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2351"
                },
                {
                  "name": "1020678",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020678"
                },
                {
                  "name": "30634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-2246",
        "datePublished": "2008-08-13T00:00:00.000Z",
        "dateReserved": "2008-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:00.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1435 (GCVE-0-2008-1435)

    Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/30953 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020436 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/2020… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/30109 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-190A.html third-party-advisoryx_refsource_CERT
    Date Public
    2008-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5600",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
              },
              {
                "name": "MS08-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
              },
              {
                "name": "30953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30953"
              },
              {
                "name": "1020436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020436"
              },
              {
                "name": "ADV-2008-2020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2020/references"
              },
              {
                "name": "30109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30109"
              },
              {
                "name": "TA08-190A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5600",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
            },
            {
              "name": "MS08-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
            },
            {
              "name": "30953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30953"
            },
            {
              "name": "1020436",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020436"
            },
            {
              "name": "ADV-2008-2020",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2020/references"
            },
            {
              "name": "30109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30109"
            },
            {
              "name": "TA08-190A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5600",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
                },
                {
                  "name": "MS08-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
                },
                {
                  "name": "30953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30953"
                },
                {
                  "name": "1020436",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020436"
                },
                {
                  "name": "ADV-2008-2020",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2020/references"
                },
                {
                  "name": "30109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30109"
                },
                {
                  "name": "TA08-190A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1435",
        "datePublished": "2008-07-08T23:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1445 (GCVE-0-2008-1445)

    Vulnerability from nvd – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/1782 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29584 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1020229 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/493338/100… mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA08-162B.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/493342/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30586 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1782"
              },
              {
                "name": "29584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29584"
              },
              {
                "name": "1020229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020229"
              },
              {
                "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
              },
              {
                "name": "TA08-162B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
              },
              {
                "name": "MS08-035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
              },
              {
                "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
              },
              {
                "name": "30586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30586"
              },
              {
                "name": "oval:org.mitre.oval:def:4910",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-1782",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1782"
            },
            {
              "name": "29584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29584"
            },
            {
              "name": "1020229",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020229"
            },
            {
              "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
            },
            {
              "name": "TA08-162B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
            },
            {
              "name": "MS08-035",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
            },
            {
              "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
            },
            {
              "name": "30586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30586"
            },
            {
              "name": "oval:org.mitre.oval:def:4910",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1782",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1782"
                },
                {
                  "name": "29584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29584"
                },
                {
                  "name": "1020229",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020229"
                },
                {
                  "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
                },
                {
                  "name": "TA08-162B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
                },
                {
                  "name": "MS08-035",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
                },
                {
                  "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
                },
                {
                  "name": "30586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30586"
                },
                {
                  "name": "oval:org.mitre.oval:def:4910",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1445",
        "datePublished": "2008-06-12T01:30:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1453 (GCVE-0-2008-1453)

    Vulnerability from nvd – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/1777 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29522 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-162B.html third-party-advisoryx_refsource_CERT
    http://securitytracker.com/id?1020221 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/30051 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1777",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1777"
              },
              {
                "name": "29522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29522"
              },
              {
                "name": "TA08-162B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
              },
              {
                "name": "1020221",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020221"
              },
              {
                "name": "MS08-030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
              },
              {
                "name": "30051",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30051"
              },
              {
                "name": "oval:org.mitre.oval:def:4730",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-1777",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1777"
            },
            {
              "name": "29522",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29522"
            },
            {
              "name": "TA08-162B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
            },
            {
              "name": "1020221",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020221"
            },
            {
              "name": "MS08-030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
            },
            {
              "name": "30051",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30051"
            },
            {
              "name": "oval:org.mitre.oval:def:4730",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1777",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1777"
                },
                {
                  "name": "29522",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29522"
                },
                {
                  "name": "TA08-162B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
                },
                {
                  "name": "1020221",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020221"
                },
                {
                  "name": "MS08-030",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
                },
                {
                  "name": "30051",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30051"
                },
                {
                  "name": "oval:org.mitre.oval:def:4730",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1453",
        "datePublished": "2008-06-12T01:30:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1436 (GCVE-0-2008-1436)

    Vulnerability from nvd – Published: 2008-04-21 17:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019904 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/491111/100… mailing-listx_refsource_BUGTRAQ
    http://www.microsoft.com/technet/security/advisor… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/1264… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29867 third-party-advisoryx_refsource_SECUNIA
    http://securitywatch.eweek.com/flaws/microsoft_be… x_refsource_MISC
    https://www.exploit-db.com/exploits/6705 exploitx_refsource_EXPLOIT-DB
    http://nomoreroot.blogspot.com/2008/10/windows-20… x_refsource_MISC
    http://www.us-cert.gov/cas/techalerts/TA09-104A.html third-party-advisoryx_refsource_CERT
    http://www.argeniss.com/research/TokenKidnapping.pdf x_refsource_MISC
    http://www.securityfocus.com/bid/28833 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.argeniss.com/research/Churrasco.zip x_refsource_MISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/497168/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/1026 vdb-entryx_refsource_VUPEN
    http://isc.sans.org/diary.html?storyid=4306 x_refsource_MISC
    http://milw0rm.com/sploits/2008-Churrasco.zip x_refsource_MISC
    http://blogs.technet.com/msrc/archive/2008/04/17/… x_refsource_CONFIRM
    Date Public
    2008-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019904"
              },
              {
                "name": "oval:org.mitre.oval:def:5891",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
              },
              {
                "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
              },
              {
                "name": "ADV-2008-1264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1264/references"
              },
              {
                "name": "29867",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29867"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
              },
              {
                "name": "6705",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6705"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
              },
              {
                "name": "TA09-104A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
              },
              {
                "name": "28833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28833"
              },
              {
                "name": "ms-windows-localsystem-privilege-escalation(41880)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.argeniss.com/research/Churrasco.zip"
              },
              {
                "name": "MS09-012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
              },
              {
                "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
              },
              {
                "name": "ADV-2009-1026",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1026"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://isc.sans.org/diary.html?storyid=4306"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1019904",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019904"
            },
            {
              "name": "oval:org.mitre.oval:def:5891",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
            },
            {
              "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
            },
            {
              "name": "ADV-2008-1264",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1264/references"
            },
            {
              "name": "29867",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29867"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
            },
            {
              "name": "6705",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6705"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
            },
            {
              "name": "TA09-104A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
            },
            {
              "name": "28833",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28833"
            },
            {
              "name": "ms-windows-localsystem-privilege-escalation(41880)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.argeniss.com/research/Churrasco.zip"
            },
            {
              "name": "MS09-012",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
            },
            {
              "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
            },
            {
              "name": "ADV-2009-1026",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1026"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://isc.sans.org/diary.html?storyid=4306"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019904",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019904"
                },
                {
                  "name": "oval:org.mitre.oval:def:5891",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
                },
                {
                  "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
                },
                {
                  "name": "ADV-2008-1264",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1264/references"
                },
                {
                  "name": "29867",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29867"
                },
                {
                  "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
                  "refsource": "MISC",
                  "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
                },
                {
                  "name": "6705",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6705"
                },
                {
                  "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
                  "refsource": "MISC",
                  "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
                },
                {
                  "name": "TA09-104A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
                },
                {
                  "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
                  "refsource": "MISC",
                  "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
                },
                {
                  "name": "28833",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28833"
                },
                {
                  "name": "ms-windows-localsystem-privilege-escalation(41880)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
                },
                {
                  "name": "http://www.argeniss.com/research/Churrasco.zip",
                  "refsource": "MISC",
                  "url": "http://www.argeniss.com/research/Churrasco.zip"
                },
                {
                  "name": "MS09-012",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
                },
                {
                  "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
                },
                {
                  "name": "ADV-2009-1026",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1026"
                },
                {
                  "name": "http://isc.sans.org/diary.html?storyid=4306",
                  "refsource": "MISC",
                  "url": "http://isc.sans.org/diary.html?storyid=4306"
                },
                {
                  "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
                  "refsource": "MISC",
                  "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
                },
                {
                  "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1436",
        "datePublished": "2008-04-21T17:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0927 (GCVE-0-2008-0927)

    Vulnerability from nvd – Published: 2008-04-14 16:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/491622/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019836 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29805 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/support/viewContent.do?exte… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/1217… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28757 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/5547 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080505 Novell eDirectory DoS via HTTP headers",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
              },
              {
                "name": "1019836",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019836"
              },
              {
                "name": "29805",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29805"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
              },
              {
                "name": "ADV-2008-1217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1217/references"
              },
              {
                "name": "novell-edirectory-dhost-dos(41787)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
              },
              {
                "name": "28757",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28757"
              },
              {
                "name": "5547",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5547"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.  NOTE: this might be similar to CVE-2008-1777."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080505 Novell eDirectory DoS via HTTP headers",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
            },
            {
              "name": "1019836",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019836"
            },
            {
              "name": "29805",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29805"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
            },
            {
              "name": "ADV-2008-1217",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1217/references"
            },
            {
              "name": "novell-edirectory-dhost-dos(41787)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
            },
            {
              "name": "28757",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28757"
            },
            {
              "name": "5547",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5547"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0927",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.  NOTE: this might be similar to CVE-2008-1777."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080505 Novell eDirectory DoS via HTTP headers",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
                },
                {
                  "name": "1019836",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019836"
                },
                {
                  "name": "29805",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29805"
                },
                {
                  "name": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
                },
                {
                  "name": "ADV-2008-1217",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1217/references"
                },
                {
                  "name": "novell-edirectory-dhost-dos(41787)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
                },
                {
                  "name": "28757",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28757"
                },
                {
                  "name": "5547",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5547"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0927",
        "datePublished": "2008-04-14T16:00:00.000Z",
        "dateReserved": "2008-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1087 (GCVE-0-2008-1087)

    Vulnerability from nvd – Published: 2008-04-08 23:00 – Updated: 2024-08-07 08:08
    VLAI
    Summary
    Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/44215 vdb-entryx_refsource_OSVDB
    http://www.us-cert.gov/cas/techalerts/TA08-099A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=120845064910729&w=2 vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/1145… vdb-entryx_refsource_VUPEN
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/28570 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/6656 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/5442 exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id?1019798 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29704 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "44215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/44215"
              },
              {
                "name": "TA08-099A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
              },
              {
                "name": "SSRT080048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "ADV-2008-1145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1145/references"
              },
              {
                "name": "MS08-021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
              },
              {
                "name": "28570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28570"
              },
              {
                "name": "HPSBST02329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:5580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
              },
              {
                "name": "6656",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6656"
              },
              {
                "name": "5442",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5442"
              },
              {
                "name": "1019798",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019798"
              },
              {
                "name": "29704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29704"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka \"GDI Stack Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "44215",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/44215"
            },
            {
              "name": "TA08-099A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
            },
            {
              "name": "SSRT080048",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "ADV-2008-1145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1145/references"
            },
            {
              "name": "MS08-021",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
            },
            {
              "name": "28570",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28570"
            },
            {
              "name": "HPSBST02329",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:5580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
            },
            {
              "name": "6656",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6656"
            },
            {
              "name": "5442",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5442"
            },
            {
              "name": "1019798",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019798"
            },
            {
              "name": "29704",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29704"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1087",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka \"GDI Stack Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "44215",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/44215"
                },
                {
                  "name": "TA08-099A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
                },
                {
                  "name": "SSRT080048",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "ADV-2008-1145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1145/references"
                },
                {
                  "name": "MS08-021",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
                },
                {
                  "name": "28570",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28570"
                },
                {
                  "name": "HPSBST02329",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:5580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
                },
                {
                  "name": "6656",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6656"
                },
                {
                  "name": "5442",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5442"
                },
                {
                  "name": "1019798",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019798"
                },
                {
                  "name": "29704",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29704"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1087",
        "datePublished": "2008-04-08T23:00:00.000Z",
        "dateReserved": "2008-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:08:57.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1086 (GCVE-0-2008-1086)

    Vulnerability from nvd – Published: 2008-04-08 23:00 – Updated: 2024-08-07 08:08
    VLAI
    Summary
    The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.us-cert.gov/cas/techalerts/TA08-099A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=120845064910729&w=2 vendor-advisoryx_refsource_HP
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29714 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1019800 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.vupen.com/english/advisories/2008/1147… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/28606 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2008-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TA08-099A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
              },
              {
                "name": "SSRT080048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:5475",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5475"
              },
              {
                "name": "HPSBST02329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "29714",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29714"
              },
              {
                "name": "1019800",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019800"
              },
              {
                "name": "ie-hxvz-code-execution(41464)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41464"
              },
              {
                "name": "20080408 Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680"
              },
              {
                "name": "ADV-2008-1147",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1147/references"
              },
              {
                "name": "28606",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28606"
              },
              {
                "name": "MS08-023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "TA08-099A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
            },
            {
              "name": "SSRT080048",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:5475",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5475"
            },
            {
              "name": "HPSBST02329",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "29714",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29714"
            },
            {
              "name": "1019800",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019800"
            },
            {
              "name": "ie-hxvz-code-execution(41464)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41464"
            },
            {
              "name": "20080408 Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680"
            },
            {
              "name": "ADV-2008-1147",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1147/references"
            },
            {
              "name": "28606",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28606"
            },
            {
              "name": "MS08-023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "TA08-099A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
                },
                {
                  "name": "SSRT080048",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:5475",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5475"
                },
                {
                  "name": "HPSBST02329",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "29714",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29714"
                },
                {
                  "name": "1019800",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019800"
                },
                {
                  "name": "ie-hxvz-code-execution(41464)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41464"
                },
                {
                  "name": "20080408 Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680"
                },
                {
                  "name": "ADV-2008-1147",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1147/references"
                },
                {
                  "name": "28606",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28606"
                },
                {
                  "name": "MS08-023",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1086",
        "datePublished": "2008-04-08T23:00:00.000Z",
        "dateReserved": "2008-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:08:57.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3008 (GCVE-0-2008-3008)

    Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/996227 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    http://www.securitytracker.com/id?1020832 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/31065 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/6454 exploitx_refsource_EXPLOIT-DB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2521 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#996227",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/996227"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "1020832",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020832"
              },
              {
                "name": "oval:org.mitre.oval:def:6018",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
              },
              {
                "name": "31065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31065"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "6454",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6454"
              },
              {
                "name": "MS08-053",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2521",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "VU#996227",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/996227"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020832",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020832"
            },
            {
              "name": "oval:org.mitre.oval:def:6018",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
            },
            {
              "name": "31065",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31065"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "6454",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6454"
            },
            {
              "name": "MS08-053",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2521",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3008",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#996227",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/996227"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "1020832",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020832"
                },
                {
                  "name": "oval:org.mitre.oval:def:6018",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
                },
                {
                  "name": "31065",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31065"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "6454",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6454"
                },
                {
                  "name": "MS08-053",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2521",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3008",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3014 (GCVE-0-2008-3014)

    Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/31021 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020837 vdb-entryx_refsource_SECTRACK
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "31021",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31021"
              },
              {
                "name": "oval:org.mitre.oval:def:6004",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "1020837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020837"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "31021",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31021"
            },
            {
              "name": "oval:org.mitre.oval:def:6004",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020837",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020837"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "31021",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31021"
                },
                {
                  "name": "oval:org.mitre.oval:def:6004",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "1020837",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020837"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3014",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5348 (GCVE-0-2007-5348)

    Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020834 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.securityfocus.com/bid/31018 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "1020834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020834"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:6055",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
              },
              {
                "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
              },
              {
                "name": "31018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31018"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "1020834",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020834"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6055",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
            },
            {
              "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
            },
            {
              "name": "31018",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31018"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-5348",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "1020834",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020834"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:6055",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
                },
                {
                  "name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
                },
                {
                  "name": "31018",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31018"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-5348",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2007-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3012 (GCVE-0-2008-3012)

    Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32154 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=122235754013992&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/2696 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020835 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/31019 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2008/2520 vdb-entryx_refsource_VUPEN
    Date Public
    2008-09-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32154"
              },
              {
                "name": "HPSBST02372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "MS08-052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
              },
              {
                "name": "oval:org.mitre.oval:def:6040",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
              },
              {
                "name": "ADV-2008-2696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2696"
              },
              {
                "name": "SSRT080133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
              },
              {
                "name": "1020835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020835"
              },
              {
                "name": "31019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31019"
              },
              {
                "name": "TA08-253A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
              },
              {
                "name": "ADV-2008-2520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "32154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32154"
            },
            {
              "name": "HPSBST02372",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "MS08-052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
            },
            {
              "name": "oval:org.mitre.oval:def:6040",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
            },
            {
              "name": "ADV-2008-2696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2696"
            },
            {
              "name": "SSRT080133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020835"
            },
            {
              "name": "31019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31019"
            },
            {
              "name": "TA08-253A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2520",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-3012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32154"
                },
                {
                  "name": "HPSBST02372",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "MS08-052",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
                },
                {
                  "name": "oval:org.mitre.oval:def:6040",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
                },
                {
                  "name": "ADV-2008-2696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2696"
                },
                {
                  "name": "SSRT080133",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
                },
                {
                  "name": "1020835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020835"
                },
                {
                  "name": "31019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31019"
                },
                {
                  "name": "TA08-253A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
                },
                {
                  "name": "ADV-2008-2520",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-3012",
        "datePublished": "2008-09-10T15:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1457 (GCVE-0-2008-1457)

    Vulnerability from cvelistv5 – Published: 2008-08-13 10:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/2353 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1020677 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/31417 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/30584 vdb-entryx_refsource_BID
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-2353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2353"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "1020677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020677"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "MS08-049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "31417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31417"
              },
              {
                "name": "oval:org.mitre.oval:def:6095",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
              },
              {
                "name": "30584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-2353",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2353"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "1020677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020677"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "MS08-049",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "31417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31417"
            },
            {
              "name": "oval:org.mitre.oval:def:6095",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
            },
            {
              "name": "30584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1457",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-2353",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2353"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "1020677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020677"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "MS08-049",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "31417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31417"
                },
                {
                  "name": "oval:org.mitre.oval:def:6095",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095"
                },
                {
                  "name": "30584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1457",
        "datePublished": "2008-08-13T10:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1456 (GCVE-0-2008-1456)

    Vulnerability from cvelistv5 – Published: 2008-08-13 10:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/2353 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1020677 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/30586 vdb-entryx_refsource_BID
    http://secunia.com/advisories/31417 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-2353",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2353"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "1020677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020677"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "MS08-049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "30586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30586"
              },
              {
                "name": "31417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31417"
              },
              {
                "name": "oval:org.mitre.oval:def:5630",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-2353",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2353"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "1020677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020677"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "MS08-049",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "30586",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30586"
            },
            {
              "name": "31417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31417"
            },
            {
              "name": "oval:org.mitre.oval:def:5630",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-2353",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2353"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "1020677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020677"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "MS08-049",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "30586",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30586"
                },
                {
                  "name": "31417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31417"
                },
                {
                  "name": "oval:org.mitre.oval:def:5630",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1456",
        "datePublished": "2008-08-13T10:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2246 (GCVE-0-2008-2246)

    Vulnerability from cvelistv5 – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/31411 third-party-advisoryx_refsource_SECUNIA
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2008/2351 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1020678 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/30634 vdb-entryx_refsource_BID
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:00.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:6060",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "31411",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31411"
              },
              {
                "name": "MS08-047",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
              },
              {
                "name": "ADV-2008-2351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2351"
              },
              {
                "name": "1020678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020678"
              },
              {
                "name": "30634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:6060",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "31411",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31411"
            },
            {
              "name": "MS08-047",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
            },
            {
              "name": "ADV-2008-2351",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2351"
            },
            {
              "name": "1020678",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020678"
            },
            {
              "name": "30634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-2246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:6060",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "31411",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31411"
                },
                {
                  "name": "MS08-047",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047"
                },
                {
                  "name": "ADV-2008-2351",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2351"
                },
                {
                  "name": "1020678",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020678"
                },
                {
                  "name": "30634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-2246",
        "datePublished": "2008-08-13T00:00:00.000Z",
        "dateReserved": "2008-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:00.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1435 (GCVE-0-2008-1435)

    Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/30953 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020436 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/2020… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/30109 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-190A.html third-party-advisoryx_refsource_CERT
    Date Public
    2008-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5600",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
              },
              {
                "name": "MS08-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
              },
              {
                "name": "30953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30953"
              },
              {
                "name": "1020436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020436"
              },
              {
                "name": "ADV-2008-2020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2020/references"
              },
              {
                "name": "30109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30109"
              },
              {
                "name": "TA08-190A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5600",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
            },
            {
              "name": "MS08-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
            },
            {
              "name": "30953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30953"
            },
            {
              "name": "1020436",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020436"
            },
            {
              "name": "ADV-2008-2020",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2020/references"
            },
            {
              "name": "30109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30109"
            },
            {
              "name": "TA08-190A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5600",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600"
                },
                {
                  "name": "MS08-038",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038"
                },
                {
                  "name": "30953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30953"
                },
                {
                  "name": "1020436",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020436"
                },
                {
                  "name": "ADV-2008-2020",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2020/references"
                },
                {
                  "name": "30109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30109"
                },
                {
                  "name": "TA08-190A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1435",
        "datePublished": "2008-07-08T23:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1445 (GCVE-0-2008-1445)

    Vulnerability from cvelistv5 – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/1782 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29584 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1020229 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/493338/100… mailing-listx_refsource_BUGTRAQ
    http://www.us-cert.gov/cas/techalerts/TA08-162B.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/493342/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30586 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1782"
              },
              {
                "name": "29584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29584"
              },
              {
                "name": "1020229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020229"
              },
              {
                "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
              },
              {
                "name": "TA08-162B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
              },
              {
                "name": "MS08-035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
              },
              {
                "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
              },
              {
                "name": "30586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30586"
              },
              {
                "name": "oval:org.mitre.oval:def:4910",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-1782",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1782"
            },
            {
              "name": "29584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29584"
            },
            {
              "name": "1020229",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020229"
            },
            {
              "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
            },
            {
              "name": "TA08-162B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
            },
            {
              "name": "MS08-035",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
            },
            {
              "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
            },
            {
              "name": "30586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30586"
            },
            {
              "name": "oval:org.mitre.oval:def:4910",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1782",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1782"
                },
                {
                  "name": "29584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29584"
                },
                {
                  "name": "1020229",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020229"
                },
                {
                  "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
                },
                {
                  "name": "TA08-162B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
                },
                {
                  "name": "MS08-035",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
                },
                {
                  "name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
                },
                {
                  "name": "30586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30586"
                },
                {
                  "name": "oval:org.mitre.oval:def:4910",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1445",
        "datePublished": "2008-06-12T01:30:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1453 (GCVE-0-2008-1453)

    Vulnerability from cvelistv5 – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/1777 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29522 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-162B.html third-party-advisoryx_refsource_CERT
    http://securitytracker.com/id?1020221 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/30051 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1777",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1777"
              },
              {
                "name": "29522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29522"
              },
              {
                "name": "TA08-162B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
              },
              {
                "name": "1020221",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020221"
              },
              {
                "name": "MS08-030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
              },
              {
                "name": "30051",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30051"
              },
              {
                "name": "oval:org.mitre.oval:def:4730",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2008-1777",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1777"
            },
            {
              "name": "29522",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29522"
            },
            {
              "name": "TA08-162B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
            },
            {
              "name": "1020221",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020221"
            },
            {
              "name": "MS08-030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
            },
            {
              "name": "30051",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30051"
            },
            {
              "name": "oval:org.mitre.oval:def:4730",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1777",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1777"
                },
                {
                  "name": "29522",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29522"
                },
                {
                  "name": "TA08-162B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
                },
                {
                  "name": "1020221",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020221"
                },
                {
                  "name": "MS08-030",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030"
                },
                {
                  "name": "30051",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30051"
                },
                {
                  "name": "oval:org.mitre.oval:def:4730",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1453",
        "datePublished": "2008-06-12T01:30:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1436 (GCVE-0-2008-1436)

    Vulnerability from cvelistv5 – Published: 2008-04-21 17:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019904 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/archive/1/491111/100… mailing-listx_refsource_BUGTRAQ
    http://www.microsoft.com/technet/security/advisor… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/1264… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29867 third-party-advisoryx_refsource_SECUNIA
    http://securitywatch.eweek.com/flaws/microsoft_be… x_refsource_MISC
    https://www.exploit-db.com/exploits/6705 exploitx_refsource_EXPLOIT-DB
    http://nomoreroot.blogspot.com/2008/10/windows-20… x_refsource_MISC
    http://www.us-cert.gov/cas/techalerts/TA09-104A.html third-party-advisoryx_refsource_CERT
    http://www.argeniss.com/research/TokenKidnapping.pdf x_refsource_MISC
    http://www.securityfocus.com/bid/28833 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.argeniss.com/research/Churrasco.zip x_refsource_MISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/497168/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/1026 vdb-entryx_refsource_VUPEN
    http://isc.sans.org/diary.html?storyid=4306 x_refsource_MISC
    http://milw0rm.com/sploits/2008-Churrasco.zip x_refsource_MISC
    http://blogs.technet.com/msrc/archive/2008/04/17/… x_refsource_CONFIRM
    Date Public
    2008-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019904"
              },
              {
                "name": "oval:org.mitre.oval:def:5891",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
              },
              {
                "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
              },
              {
                "name": "ADV-2008-1264",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1264/references"
              },
              {
                "name": "29867",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29867"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
              },
              {
                "name": "6705",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6705"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
              },
              {
                "name": "TA09-104A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
              },
              {
                "name": "28833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28833"
              },
              {
                "name": "ms-windows-localsystem-privilege-escalation(41880)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.argeniss.com/research/Churrasco.zip"
              },
              {
                "name": "MS09-012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
              },
              {
                "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
              },
              {
                "name": "ADV-2009-1026",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1026"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://isc.sans.org/diary.html?storyid=4306"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1019904",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019904"
            },
            {
              "name": "oval:org.mitre.oval:def:5891",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
            },
            {
              "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
            },
            {
              "name": "ADV-2008-1264",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1264/references"
            },
            {
              "name": "29867",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29867"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
            },
            {
              "name": "6705",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6705"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
            },
            {
              "name": "TA09-104A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
            },
            {
              "name": "28833",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28833"
            },
            {
              "name": "ms-windows-localsystem-privilege-escalation(41880)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.argeniss.com/research/Churrasco.zip"
            },
            {
              "name": "MS09-012",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
            },
            {
              "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
            },
            {
              "name": "ADV-2009-1026",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1026"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://isc.sans.org/diary.html?storyid=4306"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019904",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019904"
                },
                {
                  "name": "oval:org.mitre.oval:def:5891",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
                },
                {
                  "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
                },
                {
                  "name": "ADV-2008-1264",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1264/references"
                },
                {
                  "name": "29867",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29867"
                },
                {
                  "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
                  "refsource": "MISC",
                  "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
                },
                {
                  "name": "6705",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6705"
                },
                {
                  "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
                  "refsource": "MISC",
                  "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
                },
                {
                  "name": "TA09-104A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
                },
                {
                  "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
                  "refsource": "MISC",
                  "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
                },
                {
                  "name": "28833",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28833"
                },
                {
                  "name": "ms-windows-localsystem-privilege-escalation(41880)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
                },
                {
                  "name": "http://www.argeniss.com/research/Churrasco.zip",
                  "refsource": "MISC",
                  "url": "http://www.argeniss.com/research/Churrasco.zip"
                },
                {
                  "name": "MS09-012",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
                },
                {
                  "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
                },
                {
                  "name": "ADV-2009-1026",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1026"
                },
                {
                  "name": "http://isc.sans.org/diary.html?storyid=4306",
                  "refsource": "MISC",
                  "url": "http://isc.sans.org/diary.html?storyid=4306"
                },
                {
                  "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
                  "refsource": "MISC",
                  "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
                },
                {
                  "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1436",
        "datePublished": "2008-04-21T17:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0927 (GCVE-0-2008-0927)

    Vulnerability from cvelistv5 – Published: 2008-04-14 16:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/491622/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019836 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29805 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/support/viewContent.do?exte… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/1217… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28757 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/5547 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080505 Novell eDirectory DoS via HTTP headers",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
              },
              {
                "name": "1019836",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019836"
              },
              {
                "name": "29805",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29805"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
              },
              {
                "name": "ADV-2008-1217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1217/references"
              },
              {
                "name": "novell-edirectory-dhost-dos(41787)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
              },
              {
                "name": "28757",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28757"
              },
              {
                "name": "5547",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5547"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.  NOTE: this might be similar to CVE-2008-1777."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080505 Novell eDirectory DoS via HTTP headers",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
            },
            {
              "name": "1019836",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019836"
            },
            {
              "name": "29805",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29805"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
            },
            {
              "name": "ADV-2008-1217",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1217/references"
            },
            {
              "name": "novell-edirectory-dhost-dos(41787)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
            },
            {
              "name": "28757",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28757"
            },
            {
              "name": "5547",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5547"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0927",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.  NOTE: this might be similar to CVE-2008-1777."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080505 Novell eDirectory DoS via HTTP headers",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded"
                },
                {
                  "name": "1019836",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019836"
                },
                {
                  "name": "29805",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29805"
                },
                {
                  "name": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/viewContent.do?externalId=3829452\u0026sliceId=1"
                },
                {
                  "name": "ADV-2008-1217",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1217/references"
                },
                {
                  "name": "novell-edirectory-dhost-dos(41787)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787"
                },
                {
                  "name": "28757",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28757"
                },
                {
                  "name": "5547",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5547"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0927",
        "datePublished": "2008-04-14T16:00:00.000Z",
        "dateReserved": "2008-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1087 (GCVE-0-2008-1087)

    Vulnerability from cvelistv5 – Published: 2008-04-08 23:00 – Updated: 2024-08-07 08:08
    VLAI
    Summary
    Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/44215 vdb-entryx_refsource_OSVDB
    http://www.us-cert.gov/cas/techalerts/TA08-099A.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=120845064910729&w=2 vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/1145… vdb-entryx_refsource_VUPEN
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/28570 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/6656 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/5442 exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id?1019798 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29704 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "44215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/44215"
              },
              {
                "name": "TA08-099A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
              },
              {
                "name": "SSRT080048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "ADV-2008-1145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1145/references"
              },
              {
                "name": "MS08-021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
              },
              {
                "name": "28570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28570"
              },
              {
                "name": "HPSBST02329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:5580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
              },
              {
                "name": "6656",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6656"
              },
              {
                "name": "5442",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5442"
              },
              {
                "name": "1019798",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019798"
              },
              {
                "name": "29704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29704"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka \"GDI Stack Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "44215",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/44215"
            },
            {
              "name": "TA08-099A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
            },
            {
              "name": "SSRT080048",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "ADV-2008-1145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1145/references"
            },
            {
              "name": "MS08-021",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
            },
            {
              "name": "28570",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28570"
            },
            {
              "name": "HPSBST02329",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:5580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
            },
            {
              "name": "6656",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6656"
            },
            {
              "name": "5442",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5442"
            },
            {
              "name": "1019798",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019798"
            },
            {
              "name": "29704",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29704"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1087",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka \"GDI Stack Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "44215",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/44215"
                },
                {
                  "name": "TA08-099A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
                },
                {
                  "name": "SSRT080048",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "ADV-2008-1145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1145/references"
                },
                {
                  "name": "MS08-021",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021"
                },
                {
                  "name": "28570",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28570"
                },
                {
                  "name": "HPSBST02329",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:5580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5580"
                },
                {
                  "name": "6656",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6656"
                },
                {
                  "name": "5442",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5442"
                },
                {
                  "name": "1019798",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019798"
                },
                {
                  "name": "29704",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29704"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1087",
        "datePublished": "2008-04-08T23:00:00.000Z",
        "dateReserved": "2008-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:08:57.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }