CVE-2008-3648
published 2008-08-12CVE-2008-3648: nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer…
PriorityP270critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
21.97%
97.4th percentile
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-363p-mgpx-cphf: nslookup
ghsa_unreviewed·2022-05-02
CVE-2008-3648 [HIGH] CWE-94 GHSA-363p-mgpx-cphf: nslookup
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
VulnCheck
Microsoft windows_xp Improper Control of Generation of Code ('Code Injection')
vulncheck·2008·CVSS 9.3
CVE-2008-3648 [CRITICAL] Microsoft windows_xp Improper Control of Generation of Code ('Code Injection')
Microsoft windows_xp Improper Control of Generation of Code ('Code Injection')
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
Affected: Microsoft windows_xp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2008-3648
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txthttp://www.nullcode.com.ar/ncs/crash/nsloo.htmhttp://www.securityfocus.com/bid/30636http://www.securitytracker.com/id?1020711https://exchange.xforce.ibmcloud.com/vulnerabilities/44423http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txthttp://www.nullcode.com.ar/ncs/crash/nsloo.htmhttp://www.securityfocus.com/bid/30636http://www.securitytracker.com/id?1020711https://exchange.xforce.ibmcloud.com/vulnerabilities/44423
2008-08-12
Published
Exploited in the wild