CVE-2008-0083

The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/28551	Patch
http://www.securitytracker.com/id?1019799
http://secunia.com/advisories/29712	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA08-099A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/1146/references	Vendor Advisory
http://marc.info/?l=bugtraq&m=120845064910729&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5495
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-022

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

Information

Published : 2008-04-08 16:05

Updated : 2018-10-12 14:44

NVD link : CVE-2008-0083

Mitre link : CVE-2008-0083

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

microsoft

windows_xp
windows_2003_server
windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/28551", "name": "28551", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019799", "name": "1019799", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29712", "name": "29712", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html", "name": "TA08-099A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.vupen.com/english/advisories/2008/1146/references", "name": "ADV-2008-1146", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=120845064910729&w=2", "name": "SSRT080048", "tags": [], "refsource": "HP"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5495", "name": "oval:org.mitre.oval:def:5495", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-022", "name": "MS08-022", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0083", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-04-08T23:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:44Z"}

9.3 /10