CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, do not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
References
Link - Resource
http://secunia.com/advisories/30587 - Broken Link, Permissions Required, Vendor Advisory
http://securitytracker.com/id?1020230 - Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/29508 - Broken Link, Patch, Third Party Advisory, VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-162B.html - Broken Link, Third Party Advisory, US Government Resource
http://www.vupen.com/english/advisories/2008/1783 - Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036 - Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473 - Broken Link
Configurations

Configuration 1

OR cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

History

13 Feb 2024, 16:09

Type Values Removed Values Added
First Time Microsoft windows Server 2003
CPE cpe:2.3:o:microsoft:windows:server_2003:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
CWE CWE-20 CWE-1284
References (SECTRACK) http://securitytracker.com/id?1020230 - Third Party Advisory, VDB Entry (SECTRACK) http://securitytracker.com/id?1020230 - Broken Link, Third Party Advisory, VDB Entry
References (CERT) http://www.us-cert.gov/cas/techalerts/TA08-162B.html - Third Party Advisory, US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA08-162B.html - Broken Link, Third Party Advisory, US Government Resource
References (SECUNIA) http://secunia.com/advisories/30587 - Permissions Required, Vendor Advisory (SECUNIA) http://secunia.com/advisories/30587 - Broken Link, Permissions Required, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/29508 - Patch (BID) http://www.securityfocus.com/bid/29508 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036 - (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036 - Patch, Vendor Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473 - Broken Link

Information

Published : 2008-06-12 02:32

Updated : 2024-02-28 11:21


NVD link : CVE-2008-1440

Mitre link : CVE-2008-1440

CVE.ORG link : CVE-2008-1440


Products Affected

microsoft

  • windows_server_2003
  • windows_xp
CWE
CWE-1284

Improper Validation of Specified Quantity in Input