Array Index Vulnerability in Microsoft Windows Products
CVE-2008-1456

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows 2000; Windows Vista; Windows-nt
Vendor: CVE Published:; 13 August 2008

Summary

A flaw in the Event System of various Microsoft Windows products allows remote authenticated users to exploit the vulnerability through specially crafted event subscription requests. This can lead to access and manipulation of an array of function pointers, enabling potential execution of arbitrary code within the affected system.

References

http://www.vupen.com/english/advisories/2008/2353

vdb-entryx_refsource_VUPEN

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1020677

vdb-entryx_refsource_SECTRACK

EPSS Score

55% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Mar 21, 2008