Vulnerability Details : CVE-2008-4037
Public exploit exists!
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Vulnerability category: Execute codeBypassGain privilege
Products affected by CVE-2008-4037
- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:sp1:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:xp:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:xp:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:xp:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:xp:unknown:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:server_2003:unknown:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:x32:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4037
58.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-4037
-
MS08-068 Microsoft Windows SMB Relay Code Execution
Disclosure Date: 2001-03-31First seen: 2020-04-26exploit/windows/smb/smb_relayThis module will relay SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbi
CVSS scores for CVE-2008-4037
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-4037
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4037
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012
404 Not Found
-
http://securitytracker.com/id?1021163
GoDaddy Domain Name Search
-
http://www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/
Application Security Research, News, & Education Blog | Veracode | Veracode
-
http://www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html
Page not found | Network World
-
http://www.securityfocus.com/bid/7385
Exploit;Patch
-
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README
Exploit
-
http://www.vupen.com/english/advisories/2008/3110
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://marc.info/?l=bugtraq&m=122703006921213&w=2
'[security bulletin] HPSBST02386 SSRT080164 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC
-
http://www.us-cert.gov/cas/techalerts/TA08-316A.html
Page Not Found | CISAUS Government Resource
-
http://www.xfocus.net/articles/200305/smbrelay.html
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068
Microsoft Security Bulletin MS08-068 - Important | Microsoft Learn
-
http://secunia.com/advisories/32633
About Secunia Research | FlexeraVendor Advisory
-
http://osvdb.org/49736
-
https://www.exploit-db.com/exploits/7125
Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068) - Windows remote Exploit
-
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch
Exploit
Jump to