Vulnerabilities > CVE-2008-1446 - Integer Overflow OR Wraparound vulnerability in Microsoft Internet Information Services
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| OS | 7 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS08-062.NASL description The remote host contains a version of Windows that is vulnerable to a security flaw that could allow a remote user to execute arbitrary code on the remote host via an integer overflow in the internet printing service. last seen 2020-06-01 modified 2020-06-02 plugin id 34407 published 2008-10-15 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34407 title MS08-062: Microsoft IIS IPP Service Unspecified Remote Overflow (953155) NASL family Web Servers NASL id IIS_7_PCI.NASL description According to the HTTP server banner the remote server is IIS 7.0. The server may be vulnerable to a number of vulnerabilities including a couple of remote code execution vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 108808 published 2018-04-03 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108808 title Microsoft IIS 7.0 Vulnerabilities (uncredentialed) (PCI/DSS)
Oval
| accepted | 2011-12-05T04:00:30.372-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:5764 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2008-10-14T13:33:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | Integer Overflow in IPP Service Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 73 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 31682 CVE(CAN) ID: CVE-2008-1446 Microsoft Windows是微软发布的非常流行的操作系统。 IIS的Internet打印协议ISAPI扩展在处理特制的IPP响应时存在整数溢出漏洞。如果Windows系统上在运行IIS且启用了Internet打印服务的话,远程攻击者可以通过特制的HTTP POST请求诱骗受影响的服务器连接到恶意的IPP服务器来触发这个溢出,导致执行任意指令。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 临时解决方法: * 禁用IPP服务。 * 运行IIS锁定工具2.1。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-062)以及相应补丁: MS08-062:Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx?pf=true</a> |
| id | SSV:4241 |
| last seen | 2017-11-19 |
| modified | 2008-10-15 |
| published | 2008-10-15 |
| reporter | Root |
| title | Microsoft Windows Internet打印服务整数溢出漏洞(MS08-062) |
References
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://secunia.com/advisories/32248
- http://www.kb.cert.org/vuls/id/793233
- http://www.securityfocus.com/bid/31682
- http://www.securitytracker.com/id?1021048
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- http://www.vupen.com/english/advisories/2008/2813
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45548
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764