Command Execution Vulnerability in Microsoft Host Integration Server
CVE-2008-3466

Currently unrated

Key Information:

Vendor: Microsoft
Status: Host Integration Server 2004; Host Integration Server 2006; Host Integration Server 2000
Vendor: CVE Published:; 15 October 2008

What is CVE-2008-3466?

The Microsoft Host Integration Server products from versions 2000 to 2006 are vulnerable due to a lack of restrictions on RPC access to administrative functions. This vulnerability enables remote attackers to bypass authentication mechanisms and execute arbitrary code by sending specially crafted SNA RPC messages using specific opcodes. This can lead to unauthorized command execution, potentially compromising the integrity and security of the affected systems.

References

http://www.vupen.com/english/advisories/2008/2810

vdb-entryx_refsource_VUPEN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securityfocus.com/bid/31620

vdb-entryx_refsource_BID

EPSS Score

86% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2008
Vulnerability Reserved
Aug 4, 2008