CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4038

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile10.88th
Published2008年10月15日
Last Modified2026年4月23日

Vulnerability Description

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."

Affected Platforms (CPE)

💻
Microsoft

Windows 2000

All versions
💻
Microsoft

Windows Server 2003

All versions
💻
Microsoft

Windows Server 2003

All versions
💻
Microsoft

Windows Server 2003

All versions
💻
Microsoft

Windows Server 2003

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Vista

All versions
💻
Microsoft

Windows Vista

All versions
💻
Microsoft

Windows Vista

All versions
💻
Microsoft

Windows Vista

= sp1
💻
Microsoft

Windows Xp

All versions
💻
Microsoft

Windows Xp

All versions
💻
Microsoft

Windows Xp

All versions
💻
Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=122479227205998&w=2
🔗 http://secunia.com/advisories/32249
🔗 http://www.securityfocus.com/bid/31647
🔗 http://www.securitytracker.com/id?1021049
🔗 http://www.us-cert.gov/cas/techalerts/TA08-288A.html
🔗 http://www.vupen.com/english/advisories/2008/2814
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45560

相关漏洞威胁

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2001-014710.0

Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is ...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2001-024110.0

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long pr...