CVE-2008-1435

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
50.7%
top 2.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows-nt
Timeline
PublishedJul 8
Latest updateMay 1

Description

Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2v8q-4v3g-jmcm: Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted sa2022-05-01
CVEList
CVE-2008-1435: Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted sa2008-07-08

💬Community

1
Bugzilla
CVE-2007-6336 clamav: off-by-one in the MS-ZIP decompression code2007-12-20
CVE-2008-1435 (CRITICAL CVSS 9.3) | Windows Explorer in Microsoft Windo | cvebase.io