cbcvebase.
CVE-2008-3466
published 2008-10-15

CVE-2008-3466: Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass…

PriorityP274critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
77.74%
99.5th percentile
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Detection & IOCsextracted from sources · hover to see the quote

otherSNA RPC opcode 1 (CreateProcess)
otherSNA RPC opcode 6 (CreateProcess)
  • Detect unauthenticated SNA RPC messages targeting Microsoft Host Integration Server (HIS) 2000/2004/2006 using opcode 1 or 6, which map to CreateProcess calls — no prior authentication should be required by the attacker, making anomalous RPC calls from untrusted sources a strong signal.
  • Monitor for exploitation attempts against Microsoft Host Integration Server 2006 via the Metasploit auxiliary module ms08_059_his2006, which implements command injection via crafted SNA RPC messages.
  • ·The vulnerability affects all three versions of HIS (2000, 2004, and 2006); detection logic should not be scoped only to HIS 2006.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.