Vulnerability-Lookup

CVE-2008-0075 (GCVE-0-2008-0075)

Vulnerability from cvelistv5 – Published: 2008-02-12 20:00 – Updated: 2024-08-07 07:32

Summary

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

Severity

No CVSS data available.

CWE

Assigner

microsoft

References

8 references

URL	Tags
http://www.vupen.com/english/advisories/2008/0508…	vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://marc.info/?l=bugtraq&m=120361015026386&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/28893	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1019385	vdb-entryx_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA08-043C.html	third-party-advisoryx_refsource_CERT
https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/27676	vdb-entryx_refsource_BID

Date Public

2008-02-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0508/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5308",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
          },
          {
            "name": "HPSBST02314",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
          },
          {
            "name": "28893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28893"
          },
          {
            "name": "SSRT080016",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
          },
          {
            "name": "1019385",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019385"
          },
          {
            "name": "TA08-043C",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
          },
          {
            "name": "MS08-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
          },
          {
            "name": "27676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27676"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2008-0508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0508/references"
        },
        {
          "name": "oval:org.mitre.oval:def:5308",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
        },
        {
          "name": "HPSBST02314",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
        },
        {
          "name": "28893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28893"
        },
        {
          "name": "SSRT080016",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
        },
        {
          "name": "1019385",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019385"
        },
        {
          "name": "TA08-043C",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
        },
        {
          "name": "MS08-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
        },
        {
          "name": "27676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27676"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0508/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5308",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
            },
            {
              "name": "HPSBST02314",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
            },
            {
              "name": "28893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28893"
            },
            {
              "name": "SSRT080016",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
            },
            {
              "name": "1019385",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019385"
            },
            {
              "name": "TA08-043C",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
            },
            {
              "name": "MS08-006",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
            },
            {
              "name": "27676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27676"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-0075",
    "datePublished": "2008-02-12T20:00:00.000Z",
    "dateReserved": "2008-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:32:23.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-0075",
      "date": "2026-06-19",
      "epss": "0.57167",
      "percentile": "0.98947"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0075\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-02-12T21:00:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en Microsoft Internet Information Services (IIS) de 5.1 a 6.0. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de entradas manipuladas para p\u00e1ginas ASP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C954A7-FF84-4DEB-8728-5B207F374ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"E14B55BE-74CB-4929-9380-C948950C9920\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/28893\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/27676\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1019385\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-043C.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0508/references\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019385\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-043C.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0508/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-077

Vulnerability from certfr_avis - Published: 2008-02-13 - Updated: 2008-02-13

Deux vulnérabilités touchant Microsoft Internet Information Services (IIS) permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou d'élever ses privilèges.

Description

Deux vulnérabilités affectent Microsoft Internet Information Services :

La première vulnérabilité (MS08-005) concerne les services W3SVC, FTPSVC et NNTPSVC. Elle permet à une personne locale d'élever ses privilèges ;
La deuxième vulnérabilité (MS08-006) concerne la façon dont IIS traite les entrées de données dans les pages web ASP. Une personne malintentionnée pourrait ainsi exécuter du code arbitraire à distance en envoyant des données spécialement conçues au serveur.

Solution

Se référer aux bulletins de sécurité MS08-005 et MS08-006 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Les systèmes d'exploitation suivants sont affectés (utilisant Internet Information Services versions 5.0 à 7.0) :

Windows 2000 SP4 (MS08-005) ;
Windows XP SP2 (MS08-005, MS08-006) ;
Windows XP Professionnel Edition x64 et Windows XP Professionnel Edition x64 SP2 (MS08-005, MS08-006) ;
Windows Server 2003 SP1, Windows Server 2003 SP2 (MS08-005, MS08-006) ;
Windows Server 2003 Edition x64 et Windows Server 2003 Edition x64 SP2 (MS08-005, MS08-006) ;
Windows Server 2003 avec SP1 pour les systèmes Itanium et Windows Server 2003 avec SP2 pour les systèmes Itanium (MS08-005, MS08-006) ;
Windows Vista et Windows Vista x64 (MS08-005).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2008-0075

Vulnerability from fkie_nvd - Published: 2008-02-12 21:00 - Updated: 2026-06-16 22:48

Severity

Summary

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

References

URL	Tags
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120361015026386&w=2
secure@microsoft.com	http://secunia.com/advisories/28893
secure@microsoft.com	http://www.securityfocus.com/bid/27676
secure@microsoft.com	http://www.securitytracker.com/id?1019385
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-043C.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0508/references
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120361015026386&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28893
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27676
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019385
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-043C.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0508/references
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308

Impacted products

	Vendor	Product	Version
	microsoft	internet_information_server	6.0
	microsoft	internet_information_server	6.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C954A7-FF84-4DEB-8728-5B207F374ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E14B55BE-74CB-4929-9380-C948950C9920",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Microsoft Internet Information Services (IIS) de 5.1 a 6.0. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de entradas manipuladas para p\u00e1ginas ASP."
    }
  ],
  "id": "CVE-2008-0075",
  "lastModified": "2026-06-16T22:48:53.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-12T21:00:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/28893"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/27676"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019385"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/0508/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0508/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CHVQ-2X4V-3VGH

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27

Details

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-12T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.",
  "id": "GHSA-chvq-2x4v-3vgh",
  "modified": "2022-05-01T23:27:33Z",
  "published": "2022-05-01T23:27:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0075"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28893"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27676"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019385"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0508/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0075

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

Aliases

CVE-2008-0075

Aliases

CVE-2008-0075

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0075",
    "description": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.",
    "id": "GSD-2008-0075"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0075"
      ],
      "details": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.",
      "id": "GSD-2008-0075",
      "modified": "2023-12-13T01:22:58.678604Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-0075",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-0508",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0508/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5308",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
          },
          {
            "name": "HPSBST02314",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
          },
          {
            "name": "28893",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28893"
          },
          {
            "name": "SSRT080016",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
          },
          {
            "name": "1019385",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019385"
          },
          {
            "name": "TA08-043C",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
          },
          {
            "name": "MS08-006",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
          },
          {
            "name": "27676",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27676"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0075"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA08-043C",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
            },
            {
              "name": "27676",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27676"
            },
            {
              "name": "1019385",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019385"
            },
            {
              "name": "28893",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28893"
            },
            {
              "name": "HPSBST02314",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
            },
            {
              "name": "ADV-2008-0508",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0508/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5308",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308"
            },
            {
              "name": "MS08-006",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-23T19:49Z",
      "publishedDate": "2008-02-12T21:00Z"
    }
  }
}

VAR-200802-0021

Vulnerability from variot - Updated: 2025-04-10 19:48

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

SOLUTION: Apply patches.

Windows XP Professional SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe

Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d

Windows Server 2003 SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3

Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c

Windows Server 2003 with SP1/SP2 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: MS08-006 (KB942830): http://www.microsoft.com/technet/security/Bulletin/MS08-006.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

   National Cyber Alert System

Technical Cyber Security Alert TA08-043C

Microsoft Updates for Multiple Vulnerabilities

Original release date: February 12, 2008 Last revised: February 12, 2008 Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Internet Explorer
 * Microsoft Office
 * Microsoft Visual Basic
 * Microsoft Internet Information Services (IIS)

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS).

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS) as part of the Microsoft Security Bulletin Summary for February 2008. For more information, see the US-CERT Vulnerability Notes Database.

II.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the February 2008 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

US-CERT Vulnerability Notes for Microsoft February 2008 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms08-feb
Microsoft Security Bulletin Summary for February 2008 - http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
Microsoft Update - https://www.update.microsoft.com/microsoftupdate/
Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA08-043C.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-043C Feedback VU#104665" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

February 12, 2008: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR7IkKvRFkHkM87XOAQIMdgf/Z4QINqEeDeTdbKj9Jn4K+v5WKr+GWL0R J3C7PfJyQvqnl0ctnqF4DOBvi8xgPXWuhCqh6XEgi7ImkJVxI8HPpy1gj8K9YC5J ZDidLPOPvo3suzeEw3pNX/9oN9sOSsvCxwkzgq3cw7e3/vh69zLJWEg3Mz5Vc0UC lU8u4HLMpDFXzn2NA3/YlTDyc45OV3Z5LCA8GHkqIBzZLZUtprIjIeXBOxbY3pqw Ac9f8FB5c88PHW8+34pXmzt7QXuynW+8yrCuApIc0ZduUpB1+7Pi1aVmDwxxGdSz GUP3Ue8minBwUIyBn3h1jxUwO7nADPToVVLHj8fwHaFXvoNQha8iKg== =imPA -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200802-0021",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "none"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium)"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0075",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-0075",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-0075",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0075",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200802-228",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nSOLUTION:\nApply patches. \n\nWindows XP Professional SP2:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyID=2b498065-d682-4227-b23e-d234d7d6a3fe\n\nWindows XP Professional x64 Edition (optionally with SP2):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyID=df9875f7-04d6-486e-bdb5-35e9e305fa1d\n\nWindows Server 2003 SP1 / SP2:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyID=6583e798-d16d-419c-aee1-30c3e6c635b3\n\nWindows Server 2003 x64 Edition (optionally with SP2):\nhttp://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c\n\nWindows Server 2003 with SP1/SP2 for Itanium-based systems:\nhttp://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nMS08-006 (KB942830):\nhttp://www.microsoft.com/technet/security/Bulletin/MS08-006.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\t   National Cyber Alert System\n\n    Technical Cyber Security Alert TA08-043C\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: February 12, 2008\n   Last revised: February 12, 2008\n   Source: US-CERT\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Internet Explorer\n     * Microsoft Office\n     * Microsoft Visual Basic\n     * Microsoft Internet Information Services (IIS)\n\nOverview\n\n   Microsoft  has  released updates that address critical vulnerabilities\n   in  Microsoft  Windows,  Internet  Explorer,  Office, Visual Basic and\n   Internet   Information   Services   (IIS). \n\nI. Description\n\n   Microsoft  has released updates to address vulnerabilities that affect\n   Microsoft   Windows,  Internet  Explorer,  Office,  Visual  Basic  and\n   Internet  Information Services (IIS) as part of the Microsoft Security\n   Bulletin  Summary  for  February 2008.  For  more  information,  see  the  US-CERT  Vulnerability Notes\n   Database. \n\nII. \n\nIII. Solution\n\nApply updates from Microsoft\n\n   Microsoft  has  provided  updates  for  these  vulnerabilities  in the\n   February  2008 security bulletins. The security bulletins describe any\n   known  issues related to the updates. Administrators are encouraged to\n   note  these  issues  and  test  for  any  potentially adverse effects. \n   Administrators  should consider using an automated update distribution\n   system such as Windows Server Update Services (WSUS). \n\nIV. References\n\n * US-CERT Vulnerability Notes for Microsoft February 2008 updates - \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms08-feb\u003e\n\n * Microsoft Security Bulletin Summary for February  2008  - \u003chttp://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/microsoftupdate/\u003e\n\n * Windows Server Update Services - \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA08-043C.html\u003e\n _________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA08-043C Feedback VU#104665\" in the\n   subject. \n _________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n   Produced 2008 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n   Revision History\n\n   February 12, 2008: Initial release\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR7IkKvRFkHkM87XOAQIMdgf/Z4QINqEeDeTdbKj9Jn4K+v5WKr+GWL0R\nJ3C7PfJyQvqnl0ctnqF4DOBvi8xgPXWuhCqh6XEgi7ImkJVxI8HPpy1gj8K9YC5J\nZDidLPOPvo3suzeEw3pNX/9oN9sOSsvCxwkzgq3cw7e3/vh69zLJWEg3Mz5Vc0UC\nlU8u4HLMpDFXzn2NA3/YlTDyc45OV3Z5LCA8GHkqIBzZLZUtprIjIeXBOxbY3pqw\nAc9f8FB5c88PHW8+34pXmzt7QXuynW+8yrCuApIc0ZduUpB1+7Pi1aVmDwxxGdSz\nGUP3Ue8minBwUIyBn3h1jxUwO7nADPToVVLHj8fwHaFXvoNQha8iKg==\n=imPA\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "BID",
        "id": "27676"
      },
      {
        "db": "PACKETSTORM",
        "id": "63544"
      },
      {
        "db": "PACKETSTORM",
        "id": "63559"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0075",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "27676",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA08-043C",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "28893",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1019385",
        "trust": 2.4
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0508",
        "trust": 1.6
      },
      {
        "db": "USCERT",
        "id": "SA08-043C",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "63544",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "63559",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "PACKETSTORM",
        "id": "63544"
      },
      {
        "db": "PACKETSTORM",
        "id": "63559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "id": "VAR-200802-0021",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2025-04-10T19:48:43.693000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS08-006",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx"
      },
      {
        "title": "MS08-006",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms08-006.mspx"
      },
      {
        "title": "MS08-006e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS08-006e.mspx"
      },
      {
        "title": "TA08-043C",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-043c.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-noinfo",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/28893"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/27676"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1019385"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-043c.html"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-006"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5308"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2008/0508/references"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0075"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/0508"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2008/at080003.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-043c/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-043c/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0075"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-043c.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2008/20080214_212436.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx"
      },
      {
        "trust": 0.3,
        "url": "https://strikecenter.bpointsys.com/articles/2008/02/13/exploiting-iis-via-htmlencode-ms08-006"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=df9875f7-04d6-486e-bdb5-35e9e305fa1d"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=2b498065-d682-4227-b23e-d234d7d6a3fe"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/39/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=29faa70d-f1ac-4da4-b72a-faf1973cd845"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=e8286174-8209-409f-8805-e534715a741c"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28893/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1438/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=6583e798-d16d-419c-aee1-30c3e6c635b3"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-043c.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms08-feb\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.update.microsoft.com/microsoftupdate/\u003e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "PACKETSTORM",
        "id": "63544"
      },
      {
        "db": "PACKETSTORM",
        "id": "63559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "27676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "db": "PACKETSTORM",
        "id": "63544"
      },
      {
        "db": "PACKETSTORM",
        "id": "63559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-02-12T00:00:00",
        "db": "BID",
        "id": "27676"
      },
      {
        "date": "2008-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "date": "2008-02-12T22:33:42",
        "db": "PACKETSTORM",
        "id": "63544"
      },
      {
        "date": "2008-02-12T23:07:55",
        "db": "PACKETSTORM",
        "id": "63559"
      },
      {
        "date": "2008-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "date": "2008-02-12T21:00:00",
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-02-15T23:45:00",
        "db": "BID",
        "id": "27676"
      },
      {
        "date": "2008-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      },
      {
        "date": "2020-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-0075"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "63559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft IIS of  ASP Vulnerability in arbitrary code execution related to page input",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001106"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-228"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0075 (GCVE-0-2008-0075)

CERTA-2008-AVI-077

Description

Solution

FKIE_CVE-2008-0075

GHSA-CHVQ-2X4V-3VGH

GSD-2008-0075

VAR-200802-0021

Tags

Sightings

Nomenclature