|
|
CVE Reference: CVE-2008-3466 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3466 |
|
|
Description: Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." |
|
|
CVE Status: Candidate |
|
|
References: ST 1021043 SAID Secunia Advisory: SA32233 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6075 MS http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745 HP http://marc.info/?l=bugtraq&m=122479227205998&w=2 CERT http://www.us-cert.gov/cas/techalerts/TA08-288A.html BID 31620 |
|
| Return to the previous page. |
