CVE-2008-4268

Description

The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."

Related CPE's

omicrosoftwindows_vista*gold******

omicrosoftwindows_vista*sp1x64*****

omicrosoftwindows_server_2008********

omicrosoftwindows_server_2008**x32*****

omicrosoftwindows_server_2008**x64*****

omicrosoftwindows_vista**x64*****

omicrosoftwindows_vista*sp1******

omicrosoftwindows_server_2008**itanium*****

References

1021366

TA08-344A

US Government Resource

33053

ADV-2008-3387

oval:org.mitre.oval:def:5853

MS08-075

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:S/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

SINGLE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

8.5

Created by Yello
About Severity.io