Vulnerability Report

CVE-2008-4114

Title: Microsoft Windows 2000 Denial of Service (DoS)

DoS

Proof Of Concept

PoC Available for CVE-2008-4114

CWE Category CWE-399
Published Date Sep 16, 2008
Modified Date Jun 16, 2026
Exploit Status Available
Score 7.1 CVSS v2.0
Exploit Probability (EPSS)
49.27%

Vulnerability Summary

CVE-2008-4114: srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

Impacted Vendors

Reference Links

http://secunia.com/advisories/31883 http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1 http://www.securityfocus.com/archive/1/496354/100/0/threaded http://www.securityfocus.com/bid/31179 http://www.securitytracker.com/id?1020887 http://www.us-cert.gov/cas/techalerts/TA09-013A.html http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm http://www.vupen.com/english/advisories/2008/2583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/45146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044 https://www.exploit-db.com/exploits/6463 http://secunia.com/advisories/31883 http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1 http://www.securityfocus.com/archive/1/496354/100/0/threaded http://www.securityfocus.com/bid/31179 http://www.securitytracker.com/id?1020887 http://www.us-cert.gov/cas/techalerts/TA09-013A.html http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm http://www.vupen.com/english/advisories/2008/2583 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/45146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044 https://www.exploit-db.com/exploits/6463
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:N/I:N/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-4114 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/6463
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:N/I:N/A:C

Affected Stack

No specific products linked.