Vulnerabilities > CVE-2008-4800 - Resource Management Errors vulnerability in Microsoft Debug Diagnostic Tool

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
CWE-399
exploit available

Summary

The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMicrosoft DebugDiag 1.0 'CrashHangExt.dll' ActiveX Control Remote Denial of Service Vulnerability. CVE-2008-4800. Dos exploit for windows platform
idEDB-ID:32550
last seen2016-02-03
modified2008-10-30
published2008-10-30
reportersuN8Hclf
sourcehttps://www.exploit-db.com/download/32550/
titleMicrosoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service Vulnerability

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 31996 CVE(CAN) ID: CVE-2008-4800 调试诊断工具(DebugDiag)用于排除Win32用户态进程中挂起、内存泄露或崩溃等故障。 DebugDiag所提供的CrashHangExt.dll没有正确地验证某些输入参数,如果用户受骗访问了恶意网页的话,就会在使用该控件的应用(通常为IE)中触发空指针引用,导致拒绝服务的情况。 Microsoft DebugDiag 1.0 Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.microsoft.com/technet/security/ target=_blank>http://www.microsoft.com/technet/security/</a>
idSSV:4385
last seen2017-11-19
modified2008-10-31
published2008-10-31
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-4385
titleMicrosoft DebugDiag CrashHangExt.dll ActiveX控件拒绝服务漏洞