CVE-2008-4114
First published: Tue Sep 16 2008(Updated: )
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Vista | =gold | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =gold | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Vista | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/31179
- http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1
- http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm
- http://www.securitytracker.com/id?1020887
- http://secunia.com/advisories/31883
- http://www.us-cert.gov/cas/techalerts/TA09-013A.html
- http://www.vupen.com/english/advisories/2008/2583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45146
- https://www.exploit-db.com/exploits/6463
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262
- http://www.securityfocus.com/archive/1/496354/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
Frequently Asked Questions
What is the severity of CVE-2008-4114?
CVE-2008-4114 has a high severity rating due to its potential to cause system crashes and remote denial of service.
How do I fix CVE-2008-4114?
To fix CVE-2008-4114, it is recommended to apply the latest security patches provided by Microsoft for the affected versions.
Which versions of Windows are affected by CVE-2008-4114?
CVE-2008-4114 affects Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008.
Can CVE-2008-4114 lead to data loss?
While CVE-2008-4114 primarily causes system crashes, it could potentially lead to data loss during the occurrence of denial of service.
Is CVE-2008-4114 actively exploited?
CVE-2008-4114 has been identified as vulnerable, and while exploitation may vary, it poses a significant risk to the affected systems.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server
- version/microsoft windows server/sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/gold
- version/microsoft windows vista/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3