CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-4301

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile6.69th
Published2008年9月29日
Last Modified2026年4月23日

Vulnerability Description

A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous

Affected Platforms (CPE)

📦
Microsoft

Internet Information Services

All versions

References & Advisories

🔗 http://www.attrition.org/pipermail/vim/2008-October/002081.html
🔗 http://www.securityfocus.com/archive/1/496694/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45587
🔗 http://www.attrition.org/pipermail/vim/2008-October/002081.html
🔗 http://www.securityfocus.com/archive/1/496694/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45587

相關漏洞威脅

CVE-2006-634610.0

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier...

CVE-2007-249410.0

Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers ...

CVE-2003-022410.0

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code vi...

CVE-2007-281510.0

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Wind...