ID |
CVE-2008-1446
|
Summary |
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_information_services:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
-
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*
|
CVSS |
Base: | 9.0 (as of 23-11-2020 - 20:09) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-190 |
CAPEC |
-
Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
oval
via4
|
accepted | 2011-12-05T04:00:30.372-05:00 | class | vulnerability | contributors | name | Sudhir Gandhe | organization | Secure Elements, Inc. |
name | J. Daniel Brown | organization | DTCC |
name | Pradeep R B | organization | SecPod Technologies |
| definition_extensions | comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
comment | Microsoft Windows XP (x86) SP2 is installed | oval | oval:org.mitre.oval:def:754 |
comment | Microsoft Windows XP (x86) SP3 is installed | oval | oval:org.mitre.oval:def:5631 |
comment | Microsoft Windows XP Professional x64 Edition SP1 is installed | oval | oval:org.mitre.oval:def:720 |
comment | Microsoft Windows XP x64 Edition SP2 is installed | oval | oval:org.mitre.oval:def:4193 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP1 (x64) is installed | oval | oval:org.mitre.oval:def:4386 |
comment | Microsoft Windows Server 2003 SP1 for Itanium is installed | oval | oval:org.mitre.oval:def:1205 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
comment | Microsoft Windows Server 2003 SP2 (x64) is installed | oval | oval:org.mitre.oval:def:2161 |
comment | Microsoft Windows Server 2003 (ia64) SP2 is installed | oval | oval:org.mitre.oval:def:1442 |
comment | Microsoft Windows Server 2008 (32-bit) is installed | oval | oval:org.mitre.oval:def:4870 |
comment | Microsoft Windows Server 2008 (64-bit) is installed | oval | oval:org.mitre.oval:def:5356 |
comment | Microsoft Windows Server 2008 (ia-64) is installed | oval | oval:org.mitre.oval:def:5667 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista x64 Edition is installed | oval | oval:org.mitre.oval:def:2041 |
comment | Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval | oval:org.mitre.oval:def:4873 |
comment | Microsoft Windows Vista x64 Edition Service Pack 1 is installed | oval | oval:org.mitre.oval:def:5254 |
| description | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | family | windows | id | oval:org.mitre.oval:def:5764 | status | accepted | submitted | 2008-10-14T13:33:00 | title | Integer Overflow in IPP Service Vulnerability | version | 76 |
|
refmap
via4
|
bid | 31682 | cert | TA08-288A | cert-vn | VU#793233 | hp | | sectrack | 1021048 | secunia | 32248 | vupen | ADV-2008-2813 | xf | - win-ipp-service-code-execution(45545)
- win-ms08kb953155-update(45548)
|
|
Last major update |
23-11-2020 - 20:09 |
Published |
15-10-2008 - 00:12 |
Last modified |
23-11-2020 - 20:09 |