Remote Password Manipulation in Microsoft Internet Information Services
CVE-2008-4301

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 29 September 2008

Summary

A flaw exists in the ActiveX control within the iisext.dll of Microsoft Internet Information Services (IIS), which may allow unauthorized remote attackers to manipulate passwords using a crafted string argument for the SetPassword method. This vulnerability raises concerns about the potential for unauthorized access to sensitive information and system control. It's important to note that the issue has faced challenges in replication by third-party researchers, casting doubt on earlier reports of its validity.

References

http://www.securityfocus.com/archive/1/496694/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.attrition.org/pipermail/vim/2008-October/00208...

mailing-listx_refsource_VIM

https://exchange.xforce.ibmcloud.com/vulnerabilities/45587

vdb-entryx_refsource_XF

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 29, 2008
Vulnerability Reserved
Sep 29, 2008