CVE-2008-4038
Title: Microsoft Windows 2000 RCE
Memory Corruption
Proof Of Concept
No public PoC currently indexed for CVE-2008-4038.
CWE Category
CWE-119
Published Date
Oct 15, 2008
Modified Date
Jun 16, 2026
Exploit Status
Not Found
Score
10.0
CVSS v2.0
Exploit Probability (EPSS)
39.17%
Vulnerability Summary
CVE-2008-4038: Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
Impacted Vendors
Reference Links
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32249
http://www.securityfocus.com/bid/31647
http://www.securitytracker.com/id?1021049
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2814
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063
https://exchange.xforce.ibmcloud.com/vulnerabilities/45560
https://exchange.xforce.ibmcloud.com/vulnerabilities/45561
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32249
http://www.securityfocus.com/bid/31647
http://www.securitytracker.com/id?1021049
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2814
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063
https://exchange.xforce.ibmcloud.com/vulnerabilities/45560
https://exchange.xforce.ibmcloud.com/vulnerabilities/45561
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2008-4038 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.