CVE-2008-1440

Microsoft Windows XP <SP3 - DoS

Title source: llm

Description

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

References (7)

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473

[Broken Link] http://www.vupen.com/english/advisories/2008/1783

[Broken Link, Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-162B.html

[Broken Link, Permissions Required, Vendor Advisory] http://secunia.com/advisories/30587

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29508

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1020230

Scores

EPSS 0.5059

EPSS Percentile 97.9%

Details

CWE

CWE-1284

Status published

Products (2)

microsoft/windows_server_2003 (2 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Jun 12, 2008

Tracked Since Feb 18, 2026