CVE-2008-1440: Input Validation
First published: Thu Jun 12 2008(Updated: )
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Operating System | =server_2003-sp2 | |
| Microsoft Windows Operating System | =server_2003-sp1 | |
| Microsoft Windows Operating System | =server_2003 | |
| Microsoft Windows Operating System | =server_2003-sp2 | |
| Microsoft Windows Operating System | =server_2003-sp2 | |
| Microsoft Windows Operating System | =server_2003-sp1 | |
| Microsoft Windows Operating System | =server_2003 | |
| Microsoft Windows XP | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA08-162B.html
- http://www.securityfocus.com/bid/29508
- http://securitytracker.com/id?1020230
- http://secunia.com/advisories/30587
- http://www.vupen.com/english/advisories/2008/1783
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
Frequently Asked Questions
What is the severity of CVE-2008-1440?
CVE-2008-1440 is considered a critical vulnerability that may lead to a denial of service.
How do I fix CVE-2008-1440?
To remediate CVE-2008-1440, it is essential to apply the latest security patches provided by Microsoft for the affected systems.
What systems are affected by CVE-2008-1440?
CVE-2008-1440 affects Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2.
Can CVE-2008-1440 be exploited remotely?
Yes, CVE-2008-1440 can be exploited remotely by sending specially crafted PGM packets.
What type of attack does CVE-2008-1440 facilitate?
CVE-2008-1440 facilitates denial of service attacks, potentially causing system hangs or infinite loops.
- agent/type
- agent/references
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows server
- version/microsoft windows server/sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- canonical/microsoft windows operating system
- version/microsoft windows operating system/server_2003-sp2
- version/microsoft windows operating system/server_2003-sp1
- version/microsoft windows operating system/server_2003
- version/microsoft windows xp/sp1