CVE-2008-3466

Microsoft Host Integration Server 2000, 2004, 2006 - Unauthenticated Remote Code Execution via SNA RPC Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3466. PoCs published by MC, including Metasploit module auxiliary/admin/ms/ms08_059_his2006.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Microsoft Host Integration Server 2006 via DCERPC. It binds to the RPC service and executes arbitrary commands by calling the vulnerable `_SnaRpcService_RunExecutable` function (opcode 0x01).

Description

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Exploits (1)

metasploit WORKING POC
by MC · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/ms/ms08_059_his2006.rb

This Metasploit module exploits a command injection vulnerability in Microsoft Host Integration Server 2006 via DCERPC. It binds to the RPC service and executes arbitrary commands by calling the vulnerable `_SnaRpcService_RunExecutable` function (opcode 0x01).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Host Integration Server 2006
No auth needed
Prerequisites: Network access to the target's RPC service · DCERPC endpoint discovery
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2810
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31620
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32233
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021043
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075

Scores

EPSS 0.8472
EPSS Percentile 99.4%

Details

CWE
CWE-287
Status published
Products (3)
microsoft/host_integration_server_2000 (2 CPE variants)
microsoft/host_integration_server_2004 (3 CPE variants)
microsoft/host_integration_server_2006 (2 CPE variants)
Published Oct 15, 2008
Tracked Since Feb 18, 2026