CVE-2008-1454 : Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.

Published 2008-07-08 23:41:00

Updated 2025-04-09 00:30:58

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2008-1454

Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1454

EPSS FAQ

51.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1454

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.4	HIGH	AV:N/AC:L/Au:N/C:N/I:C/A:C	10.0	9.2	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: Complete

References for CVE-2008-1454

http://www.securitytracker.com/id?1020437

GoDaddy Domain Name Search

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5380
http://www.vupen.com/english/advisories/2008/2019/references

Site en construction
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/30132

Patch
http://www.us-cert.gov/cas/techalerts/TA08-190A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037

Microsoft Security Bulletin MS08-037 - Important | Microsoft Learn

CVEs referencing this url
http://secunia.com/advisories/30925

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-1454

Products affected by CVE-2008-1454

Exploit prediction scoring system (EPSS) score for CVE-2008-1454

CVSS scores for CVE-2008-1454

References for CVE-2008-1454