Vulnerability CVE-2008-1446
Published: 2008-10-14   Modified: 2012-02-12

Description:
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> IIS 
Microsoft -> Windows 2000 
Microsoft -> Windows server 2003 
Microsoft -> Windows server 2008 
Microsoft -> Windows xp 
Microsoft -> Internet information server 

 References:
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.kb.cert.org/vuls/id/793233
http://www.securityfocus.com/bid/31682
http://www.securitytracker.com/id?1021048
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2813
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062
https://exchange.xforce.ibmcloud.com/vulnerabilities/45545
https://exchange.xforce.ibmcloud.com/vulnerabilities/45548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764
Copyright 2024, cxsecurity.com

 

Back to Top