CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3466

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile20.39th
PublishedOct 15, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Host Integration Server 2000

All versions
πŸ“¦
Microsoft

Host Integration Server 2000

All versions
πŸ“¦
Microsoft

Host Integration Server 2004

All versions
πŸ“¦
Microsoft

Host Integration Server 2004

All versions
πŸ“¦
Microsoft

Host Integration Server 2004

All versions
πŸ“¦
Microsoft

Host Integration Server 2006

All versions
πŸ“¦
Microsoft

Host Integration Server 2006

All versions

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
πŸ”— http://marc.info/?l=bugtraq&m=122479227205998&w=2
πŸ”— http://secunia.com/advisories/32233
πŸ”— http://www.securityfocus.com/bid/31620
πŸ”— http://www.securitytracker.com/id?1021043
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-288A.html
πŸ”— http://www.vupen.com/english/advisories/2008/2810
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059

Related Vulnerabilities

CVE-2012-18568.8

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, ...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...