ID CVE-2008-1446
Summary Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References
Vulnerable Configurations
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:iis:5.0
  • Microsoft IIS 5.1
    cpe:2.3:a:microsoft:internet_information_server:5.1
  • Microsoft IIS 6.0
    cpe:2.3:a:microsoft:internet_information_server:6.0
  • Microsoft Internet Information Server 6.0 Beta
    cpe:2.3:a:microsoft:internet_information_server:6.0:beta
  • Microsoft Internet Information Server 7.0
    cpe:2.3:a:microsoft:internet_information_server:7.0
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2008
    cpe:2.3:o:microsoft:windows_server_2008
  • cpe:2.3:o:microsoft:windows_server_2008:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • cpe:2.3:o:microsoft:windows_vista:sp1
    cpe:2.3:o:microsoft:windows_vista:sp1
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 9.0 (as of 15-10-2008 - 15:10)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Web Servers
    NASL id IIS_7_PCI.NASL
    description According to the HTTP server banner the remote server is IIS 7.0. The server may be vulnerable to a number of vulnerabilities including a couple of remote code execution vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 108808
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108808
    title Microsoft IIS 7.0 Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS08-062.NASL
    description The remote host contains a version of Windows that is vulnerable to a security flaw that could allow a remote user to execute arbitrary code on the remote host via an integer overflow in the internet printing service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 34407
    published 2008-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34407
    title MS08-062: Microsoft IIS IPP Service Unspecified Remote Overflow (953155)
oval via4
accepted 2011-12-05T04:00:30.372-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name J. Daniel Brown
    organization DTCC
  • name Pradeep R B
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
description Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
family windows
id oval:org.mitre.oval:def:5764
status accepted
submitted 2008-10-14T13:33:00
title Integer Overflow in IPP Service Vulnerability
version 70
refmap via4
bid 31682
cert TA08-288A
cert-vn VU#793233
hp
  • HPSBST02379
  • SSRT080143
ms MS08-062
sectrack 1021048
secunia 32248
vupen ADV-2008-2813
xf
  • win-ipp-service-code-execution(45545)
  • win-ms08kb953155-update(45548)
Last major update 07-03-2011 - 22:07
Published 14-10-2008 - 20:12
Last modified 03-07-2019 - 13:25
Back to Top