CVE-2008-1440
Published 2008-06-12
Priority: P337 | high | 7.1 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 22.59% (97.4th percentile)
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, do not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
CWE-20: Improper Input Validation (mitre_cwe)
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. Input can consist of:
- raw data - strings, numbers, parameters, file contents, etc.
- metadata - information about the raw data, such as headers or size
Data can be simple or structured. Structured data can be composed of many nested layers, composed of combinations of metadata and raw data, with other simple or structured data. Many properties of raw data or metadata may n
CWE-1284: Improper Validation of Specified Quantity in Input (mitre_cwe)
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc.
Modes of Introduction:
Phase: Implementation
Note: Since quantities are often used to affect resource allocation or process financial data, they are often present in many places in the code.
Common Consequences:
Scope: Other, Integrity, Availability. Impact: Varies by Context, DoS: Resource Consumption (CPU), Modify Memory, Read M
References:
http://secunia.com/advisories/30587
http://securitytracker.com/id?1020230
http://www.securityfocus.com/bid/29508
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
http://www.vupen.com/english/advisories/2008/1783
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473