CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-3466

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile20.39th
Published2008年10月15日
Last Modified2026年4月23日

Vulnerability Description

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Host Integration Server 2000

All versions
📦
Microsoft

Host Integration Server 2000

All versions
📦
Microsoft

Host Integration Server 2004

All versions
📦
Microsoft

Host Integration Server 2004

All versions
📦
Microsoft

Host Integration Server 2004

All versions
📦
Microsoft

Host Integration Server 2006

All versions
📦
Microsoft

Host Integration Server 2006

All versions

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
🔗 http://marc.info/?l=bugtraq&m=122479227205998&w=2
🔗 http://secunia.com/advisories/32233
🔗 http://www.securityfocus.com/bid/31620
🔗 http://www.securitytracker.com/id?1021043
🔗 http://www.us-cert.gov/cas/techalerts/TA08-288A.html
🔗 http://www.vupen.com/english/advisories/2008/2810
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059

相关漏洞威胁

CVE-2012-18568.8

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, ...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...