Vulnerability Details: CVE-2008-3466
Public exploit exists!
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2008-3466
- cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3466
- 96.71%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-3466
- Microsoft Host Integration Server 2006 Command Execution Vulnerability
  Disclosure Date: 2008-10-14
  First seen: 2020-04-26
  Module: auxiliary/admin/ms/ms08_059_his2006
  This module exploits a command-injection vulnerability in Microsoft Host Integration Server 2006.
  Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2008-3466
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2008-3466
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3466
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
  '[security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059
- http://www.securityfocus.com/bid/31620
  Exploit; Patch
- http://www.vupen.com/english/advisories/2008/2810
- http://www.securitytracker.com/id?1021043
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745