CVE-2008-1457

CWE-20Improper Input Validation3 documents3 sources
Severity
9.0CRITICAL
EPSS
54.9%
top 1.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows-nt
Timeline
PublishedAug 13
Latest updateMay 1

Description

The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/windows-nt2008, vista, xp+2

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-xcg4-h6mm-734q: The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validat2022-05-01
CVEList
CVE-2008-1457: The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validat2008-08-13
CVE-2008-1457 (CRITICAL CVSS 9) | The Event System in Microsoft Windo | cvebase.io