CVE-2008-1440
Windows XP SP2/SP3 and Server 2003 SP1/SP2 - Denial of Service via PGM Packet Option Length Field
Title source: llmDescription
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
References (7)
Core 7
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1783
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
Broken Link, Permissions Required, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30587
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29508
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1020230
Scores
EPSS
0.2259
EPSS Percentile
97.4%
Details
CWE
CWE-1284
Status
published
Products (2)
microsoft/windows_server_2003
(2 CPE variants)
microsoft/windows_xp
(2 CPE variants)
Published
Jun 12, 2008
Tracked Since
Feb 18, 2026