CVE-2008-4038 - Vulnerability Details

Vendors	Products
Microsoft	Windows 2000 Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Link	Providers
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32249
http://www.securityfocus.com/bid/31647
http://www.securitytracker.com/id?1021049
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2814
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063
https://exchange.xforce.ibmcloud.com/vulnerabilities/45560
https://exchange.xforce.ibmcloud.com/vulnerabilities/45561
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka \"SMB Buffer Underflow Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1021049", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021049"}, {"name": "SSRT080143", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "32249", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32249"}, {"name": "31647", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31647"}, {"name": "HPSBST02379", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "win-smb-filename-bu(45560)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45560"}, {"name": "TA08-288A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "ADV-2008-2814", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2814"}, {"name": "win-ms08kb957095-update(45561)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45561"}, {"name": "oval:org.mitre.oval:def:5787", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787"}, {"name": "MS08-063", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-4038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka \"SMB Buffer Underflow Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021049", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021049"}, {"name": "SSRT080143", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "32249", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32249"}, {"name": "31647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31647"}, {"name": "HPSBST02379", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "win-smb-filename-bu(45560)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45560"}, {"name": "TA08-288A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "ADV-2008-2814", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2814"}, {"name": "win-ms08kb957095-update(45561)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45561"}, {"name": "oval:org.mitre.oval:def:5787", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787"}, {"name": "MS08-063", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:00:42.293Z"}, "title": "CVE Program Container", "references": [{"name": "1021049", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021049"}, {"name": "SSRT080143", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "32249", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32249"}, {"name": "31647", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31647"}, {"name": "HPSBST02379", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "win-smb-filename-bu(45560)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45560"}, {"name": "TA08-288A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "ADV-2008-2814", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2814"}, {"name": "win-ms08kb957095-update(45561)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45561"}, {"name": "oval:org.mitre.oval:def:5787", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787"}, {"name": "MS08-063", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-4038", "datePublished": "2008-10-15T00:00:00", "dateReserved": "2008-09-10T00:00:00", "dateUpdated": "2024-08-07T10:00:42.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2008-10-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-12T19:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

name : 1021049 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1021049 (string)

}

1 : { »

name : SSRT080143 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

2 : { »

name : 32249 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/32249 (string)

}

3 : { »

name : 31647 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/31647 (string)

}

4 : { »

name : HPSBST02379 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : win-smb-filename-bu(45560) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45560 (string)

}

6 : { »

name : TA08-288A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

7 : { »

name : ADV-2008-2814 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/2814 (string)

}

8 : { »

name : win-ms08kb957095-update(45561) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45561 (string)

}

9 : { »

name : oval:org.mitre.oval:def:5787 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787 (string)

}

10 : { »

name : MS08-063 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2008-4038 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1021049 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1021049 (string)

}

1 : { »

name : SSRT080143 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

2 : { »

name : 32249 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/32249 (string)

}

3 : { »

name : 31647 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/31647 (string)

}

4 : { »

name : HPSBST02379 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : win-smb-filename-bu(45560) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45560 (string)

}

6 : { »

name : TA08-288A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

7 : { »

name : ADV-2008-2814 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/2814 (string)

}

8 : { »

name : win-ms08kb957095-update(45561) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45561 (string)

}

9 : { »

name : oval:org.mitre.oval:def:5787 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787 (string)

}

10 : { »

name : MS08-063 (string)

refsource : MS (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T10:00:42.293Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1021049 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1021049 (string)

}

1 : { »

name : SSRT080143 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

2 : { »

name : 32249 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/32249 (string)

}

3 : { »

name : 31647 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/31647 (string)

}

4 : { »

name : HPSBST02379 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : win-smb-filename-bu(45560) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45560 (string)

}

6 : { »

name : TA08-288A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

7 : { »

name : ADV-2008-2814 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/2814 (string)

}

8 : { »

name : win-ms08kb957095-update(45561) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45561 (string)

}

9 : { »

name : oval:org.mitre.oval:def:5787 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787 (string)

}

10 : { »

name : MS08-063 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

2 : x_transferred (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2008-4038 (string)

datePublished : 2008-10-15T00:00:00 (string)

dateReserved : 2008-09-10T00:00:00 (string)

dateUpdated : 2024-08-07T10:00:42.293Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*", "matchCriteriaId": "8D91FC0B-92FA-4182-9B87-A462850BD510", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "49F99773-D1AF-4596-856A-CA164D4B68E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:*", "matchCriteriaId": "59F0770D-0CED-4AEF-95AB-F9F9A4D6FB55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka \"SMB Buffer Underflow Vulnerability.\""}, {"lang": "es", "value": "Desbordamiento inferior de b\u00fafer en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008  permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n Server Message Block (SMB)que contenga un nombre de archivo con una longitud manipulada, tambi\u00e9n conocido como \"SMB Buffer Underflow Vulnerability\" (vulnerabilidad de desbordamiento inferior de b\u00fafer SMB)."}], "id": "CVE-2008-4038", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-15T00:12:16.020", "references": [{"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/32249"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31647"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021049"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/2814"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45560"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45561"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/32249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* (string)

matchCriteriaId : 83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : DA778424-6F70-4AB6-ADD5-5D4664DFE463 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:* (string)

matchCriteriaId : BCE2197B-7C58-4693-B9BB-0B31EABB6B66 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:* (string)

matchCriteriaId : 8D91FC0B-92FA-4182-9B87-A462850BD510 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 4D3B5E4F-56A6-4696-BBB4-19DF3613D020 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:* (string)

matchCriteriaId : 7F6EA111-A4E6-4963-A0C8-F9336C605B6E (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:* (string)

matchCriteriaId : 9CFB1A97-8042-4497-A45D-C014B5E240AB (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* (string)

matchCriteriaId : 7F9C7616-658D-409D-8B53-AC00DC55602A (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3852BB02-47A1-40B3-8E32-8D8891A53114 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:* (string)

matchCriteriaId : 1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : C162FFF0-1E8F-4DCF-A08F-6C6E324ED878 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:* (string)

matchCriteriaId : 49F99773-D1AF-4596-856A-CA164D4B68E5 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 9B339C33-8896-4896-88FF-88E74FDBC543 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:* (string)

matchCriteriaId : 57ECAAA8-8709-4AC7-9CE7-49A8040C04D3 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* (string)

matchCriteriaId : CE477A73-4EE4-41E9-8694-5A3D5DC88656 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:* (string)

matchCriteriaId : 59F0770D-0CED-4AEF-95AB-F9F9A4D6FB55 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." (string)

}

1 : { »

lang : es (string)

value : Desbordamiento inferior de búfer en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una petición Server Message Block (SMB)que contenga un nombre de archivo con una longitud manipulada, también conocido como "SMB Buffer Underflow Vulnerability" (vulnerabilidad de desbordamiento inferior de búfer SMB). (string)

}

]

id : CVE-2008-4038 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2008-10-15T00:12:16.020 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

1 : { »

source : secure@microsoft.com (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

2 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/32249 (string)

}

3 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/31647 (string)

}

4 : { »

source : secure@microsoft.com (string)

url : http://www.securitytracker.com/id?1021049 (string)

}

5 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

6 : { »

source : secure@microsoft.com (string)

url : http://www.vupen.com/english/advisories/2008/2814 (string)

}

7 : { »

source : secure@microsoft.com (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063 (string)

}

8 : { »

source : secure@microsoft.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45560 (string)

}

9 : { »

source : secure@microsoft.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45561 (string)

}

10 : { »

source : secure@microsoft.com (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/32249 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/31647 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id?1021049 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vupen.com/english/advisories/2008/2814 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45560 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45561 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object