{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/"}, {"name": "MS09-001", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"}, {"name": "ADV-2009-0116", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0116"}, {"name": "TA09-013A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"}, {"name": "33122", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33122"}, {"name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded"}, {"name": "1021560", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021560"}, {"name": "oval:org.mitre.oval:def:5248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-4835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/"}, {"name": "MS09-001", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"}, {"name": "ADV-2009-0116", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0116"}, {"name": "TA09-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"}, {"name": "33122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33122"}, {"name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded"}, {"name": "1021560", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021560"}, {"name": "oval:org.mitre.oval:def:5248", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:27.910Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/"}, {"name": "MS09-001", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"}, {"name": "ADV-2009-0116", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0116"}, {"name": "TA09-013A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"}, {"name": "33122", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33122"}, {"name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded"}, {"name": "1021560", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021560"}, {"name": "oval:org.mitre.oval:def:5248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T14:26:14.655083Z", "id": "CVE-2008-4835", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:49:14.523Z"}}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-4835", "datePublished": "2009-01-14T22:00:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2024-10-15T14:49:14.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001", "name": "MS09-001", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2009/0116", "name": "ADV-2009-0116", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html", "name": "TA09-013A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/33122", "name": "33122", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded", "name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1021560", "name": "1021560", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248", "name": "oval:org.mitre.oval:def:5248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:27.910Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2008-4835", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T14:26:14.655083Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:49:07.787Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-13T00:00:00", "references": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/", "tags": ["x_refsource_MISC"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001", "name": "MS09-001", "tags": ["vendor-advisory", "x_refsource_MS"]}, {"url": "http://www.vupen.com/english/advisories/2009/0116", "name": "ADV-2009-0116", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html", "name": "TA09-013A", "tags": ["third-party-advisory", "x_refsource_CERT"]}, {"url": "http://www.securityfocus.com/bid/33122", "name": "33122", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded", "name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://www.securitytracker.com/id?1021560", "name": "1021560", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248", "name": "oval:org.mitre.oval:def:5248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}], "descriptions": [{"lang": "en", "value": "SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2018-10-12T19:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/", "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/", "refsource": "MISC"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001", "name": "MS09-001", "refsource": "MS"}, {"url": "http://www.vupen.com/english/advisories/2009/0116", "name": "ADV-2009-0116", "refsource": "VUPEN"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html", "name": "TA09-013A", "refsource": "CERT"}, {"url": "http://www.securityfocus.com/bid/33122", "name": "33122", "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded", "name": "20090113 ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability", "refsource": "BUGTRAQ"}, {"url": "http://www.securitytracker.com/id?1021560", "name": "1021560", "refsource": "SECTRACK"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248", "name": "oval:org.mitre.oval:def:5248", "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4835", "STATE": "PUBLIC", "ASSIGNER": "secure@microsoft.com"}}}}, "cveMetadata": {"cveId": "CVE-2008-4835", "state": "PUBLISHED", "dateUpdated": "2024-10-15T14:49:14.523Z", "dateReserved": "2008-10-31T00:00:00", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2009-01-14T22:00:00", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*", "matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*", "matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\""}, {"lang": "es", "value": "SMB en el servicio Server en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de valores sinb especificar \"dentro de los campos de los paquetes SMB\" en una petici\u00f3n NT Trans2, relacionado con una \"validaci\u00f3n insuficiente del tama\u00f1o del b\u00fafer\", tambi\u00e9n conocido como \"vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota para validaci\u00f3n de SMB\"."}], "id": "CVE-2008-4835", "lastModified": "2024-10-15T15:35:06.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2009-01-14T22:30:00.780", "references": [{"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/500013/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/33122"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021560"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2009/0116"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-002/"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}