CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4250

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score46.8550%
EPSS Percentile90.20th
PublishedOct 23, 2008
Last ModifiedMay 21, 2026

Vulnerability Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://blogs.securiteam.com/index.php/archives/1150
πŸ”— http://marc.info/?l=bugtraq&m=122703006921213&w=2
πŸ”— http://secunia.com/advisories/32326
πŸ”— http://www.kb.cert.org/vuls/id/827267
πŸ”— http://www.securityfocus.com/archive/1/497808/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/497816/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31874
πŸ”— http://www.securitytracker.com/id?1021091

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2001-014710.0

Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is ...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2001-024110.0

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long pr...