ActiveX Control Vulnerability in Microsoft Internet Information Services
CVE-2008-4300

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 29 September 2008

What is CVE-2008-4300?

An ActiveX control flaw in the adsiis.dll component of Microsoft Internet Information Services (IIS) can be exploited by remote attackers. By sending a specially crafted long string as the second argument to the GetObject method, attackers can trigger a denial of service condition, resulting in a crash of the browser. This vulnerability poses a significant risk to users of IIS, as it can be exploited without requiring physical access to the vulnerable system.

References

http://www.securityfocus.com/archive/1/496696/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/45584

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/4325

third-party-advisoryx_refsource_SREASON

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2008
Vulnerability Reserved
Sep 29, 2008