CVE-2008-1446: Integer Overflow
First published: Wed Oct 15 2008(Updated: )
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services (IIS) | >=5.0<=7.0 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/32248
- http://www.securityfocus.com/bid/31682
- http://www.securitytracker.com/id?1021048
- http://www.kb.cert.org/vuls/id/793233
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- http://www.vupen.com/english/advisories/2008/2813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45545
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062
Frequently Asked Questions
What is the severity of CVE-2008-1446?
CVE-2008-1446 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2008-1446?
To fix CVE-2008-1446, it is recommended to apply the latest patches and updates for Microsoft Internet Information Services.
Who is affected by CVE-2008-1446?
CVE-2008-1446 affects remote authenticated users on Microsoft Internet Information Services from versions 5.0 through 7.0.
What type of vulnerability is CVE-2008-1446?
CVE-2008-1446 is characterized as an integer overflow vulnerability in the Internet Printing Protocol ISAPI extension.
What operating systems are vulnerable to CVE-2008-1446?
CVE-2008-1446 affects Windows 2000, Windows XP, and Windows Server 2003 with specific service pack versions.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft internet information services (iis)
- version/microsoft internet information services (iis)/5.0
- version/microsoft internet information services (iis)/7.0
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3