Command Execution Vulnerability in Microsoft Host Integration Server
CVE-2008-3466

Currently unrated

Key Information:

Vendor
Microsoft
Status
Host Integration Server 2004
Host Integration Server 2006
Host Integration Server 2000
Vendor
CVE Published:
15 October 2008

Summary

The Microsoft Host Integration Server products from versions 2000 to 2006 are vulnerable due to a lack of restrictions on RPC access to administrative functions. This vulnerability enables remote attackers to bypass authentication mechanisms and execute arbitrary code by sending specially crafted SNA RPC messages using specific opcodes. This can lead to unauthorized command execution, potentially compromising the integrity and security of the affected systems.

References

http://www.vupen.com/english/advisories/2008/2810
vdb-entryx_refsource_VUPEN
http://labs.idefense.com/intelligence/vulnerabilities/dis...
third-party-advisoryx_refsource_IDEFENSE
http://www.securityfocus.com/bid/31620
vdb-entryx_refsource_BID

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2008-3466 : Command Execution Vulnerability in Microsoft Host Integration Server | SecurityVulnerability.io