CVE-2008-3466

Currently unrated

Key Information:

Vendor: Microsoft
Status: Host Integration Server 2004; Host Integration Server 2006; Host Integration Server 2000
Vendor: CVE Published:; 15 October 2008

Summary

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

References

http://www.vupen.com/english/advisories/2008/2810

vdb-entryx_refsource_VUPEN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securityfocus.com/bid/31620

vdb-entryx_refsource_BID

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 15, 2008
Vulnerability Reserved
Aug 4, 2008

Collectors

NVD DatabaseMitre Database