CVE-2008-1456: Input Validation
First published: Wed Aug 13 2008(Updated: )
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows NT | =2008 | |
| Microsoft Windows NT | =vista | |
| Microsoft Windows NT | =xp-sp3 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/31417
- http://www.securitytracker.com/id?1020677
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://www.securityfocus.com/bid/30586
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2353
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5630
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049
Frequently Asked Questions
What is the severity of CVE-2008-1456?
CVE-2008-1456 is rated as critical due to its potential for allowing remote code execution.
How do I fix CVE-2008-1456?
To fix CVE-2008-1456, apply the appropriate security updates provided by Microsoft for the affected Windows versions.
Which versions of Windows are affected by CVE-2008-1456?
CVE-2008-1456 affects Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008.
What type of attack can exploit CVE-2008-1456?
CVE-2008-1456 can be exploited by remote authenticated users via a crafted event subscription request.
What vulnerability type is CVE-2008-1456 classified as?
CVE-2008-1456 is classified as an array index vulnerability within the Event System of Microsoft Windows.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft windows nt
- version/microsoft windows nt/2008
- version/microsoft windows nt/vista
- version/microsoft windows nt/xp-sp3
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp1
- version/microsoft windows 2003 server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2