CVE-2008-3466
Published Oct 15, 2008
Last updated 6 years ago
Overview
- Description
- Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B33F8D8-DCA9-4AD7-A2EE-2E147C0B22BD"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3735842E-8460-47DF-80CE-07A1B5B7B2BE"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F36B2527-D82F-4473-988D-64C2222726AA"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BE2E52C-FEC4-46E4-9466-DFA925798DA1"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9518CB8-38F4-4E11-A652-D2784CBE0F5B"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "7F919C01-85B1-4E0D-BCEF-EDF411814436"
},
{
"criteria": "cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "9EE996C0-B973-4584-AA99-2A7832C5F85E"
}
],
"operator": "OR"
}
]
}
]