Event System Vulnerability in Microsoft Windows Products
CVE-2008-1457

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows 2000; Windows Vista; Windows-nt
Vendor: CVE Published:; 13 August 2008

Summary

The Event System component in several Microsoft Windows versions does not adequately verify per-user event subscription requests. This oversight may enable remote authenticated users to execute arbitrary code, potentially leading to unauthorized access and control over affected systems. As a result, systems running Windows 2000 SP4, Windows XP SP2/SP3, Windows Server 2003 SP1/SP2, and Windows Vista Gold/SP1, along with Windows Server 2008, are at risk. It is crucial for users to be aware of this vulnerability and take steps to secure their systems.

References

http://www.vupen.com/english/advisories/2008/2353

vdb-entryx_refsource_VUPEN

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1020677

vdb-entryx_refsource_SECTRACK

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Mar 21, 2008