CVE-2008-4300

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 29 September 2008

Summary

A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

References

http://www.securityfocus.com/archive/1/496696/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/45584

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/4325

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Sep 29, 2008
Vulnerability Reserved
Sep 29, 2008

Collectors

NVD DatabaseMitre Database