CVE-2008-4800 - Resource Management Errors vulnerability in Microsoft Debug Diagnostic Tool
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Microsoft DebugDiag 1.0 'CrashHangExt.dll' ActiveX Control Remote Denial of Service Vulnerability. CVE-2008-4800. DoS exploit for Windows platform |
id | EDB-ID:32550 |
last seen | 2016-02-03 |
modified | 2008-10-30 |
published | 2008-10-30 |
reporter | suN8Hclf |
source | https://www.exploit-db.com/download/32550/ |
title | Microsoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service Vulnerability |
Seebug
bulletinFamily | exploit |
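description | BUGTRAQ ID: 31996 CVE(CAN) ID: CVE-2008-4800 The Debug Diagnostic Tool (DebugDiag) is used to troubleshoot faults such as hangs, memory leaks and crashes in Win32 user-mode processes. CrashHangExt.dll, which ships with DebugDiag, does not properly validate certain input parameters; if a user is tricked into visiting a malicious web page, a NULL pointer dereference is triggered in the application using the control (usually IE), resulting in a denial of service. Microsoft DebugDiag 1.0 Microsoft --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.microsoft.com/technet/security/ |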
id | SSV:4385 |
last seen | 2017-11-19 |
modified | 2008-10-31 |
published | 2008-10-31 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4385 |
title | Microsoft DebugDiag CrashHangExt.dll ActiveX Control Denial of Service Vulnerability |