CVE-2008-1446
EXPLOITEDInternet Information Services 5.0-7.0 - Authenticated Remote Code Execution via IPP Integer Overflow
Title source: llmExploitation Summary
CVE-2008-1446 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References (11)
Core 11
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2813
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/793233
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45545
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021048
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32248
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45548
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31682
Scores
EPSS
0.4627
EPSS Percentile
98.7%
Details
VulnCheck KEV
2008-10-29
CWE
CWE-190
Status
published
Products (1)
microsoft/internet_information_services
5.0 - 7.0
Published
Oct 15, 2008
Tracked Since
Feb 18, 2026