CVE-2008-4834: Buffer Overflow
First published: Wed Jan 14 2009(Updated: )
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Vista | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-09-001/
- http://www.us-cert.gov/cas/techalerts/TA09-013A.html
- http://www.securityfocus.com/bid/33121
- http://www.securitytracker.com/id?1021560
- http://www.vupen.com/english/advisories/2009/0116
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5863
- http://www.securityfocus.com/archive/1/500012/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
Frequently Asked Questions
What is the severity of CVE-2008-4834?
CVE-2008-4834 is considered to have a critical severity level due to the potential for remote code execution.
How do I fix CVE-2008-4834?
To fix CVE-2008-4834, apply the latest security updates and patches provided by Microsoft for affected operating systems.
Which systems are affected by CVE-2008-4834?
CVE-2008-4834 affects Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2.
What is the impact of CVE-2008-4834?
The impact of CVE-2008-4834 allows remote attackers to execute arbitrary code on vulnerable systems via specially crafted SMB packets.
Is there a workaround for CVE-2008-4834?
A potential workaround for CVE-2008-4834 includes disabling the Server service or blocking TCP port 445, although this may disrupt networking functionality.
- agent/references
- agent/type
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server
- version/microsoft windows server/sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3