CVE-2008-3648
EXPLOITED IN THE WILDMicrosoft Windows XP - Remote Code Execution via nslookup.exe DNS Zone Transfer
Title source: llmExploitation Summary
CVE-2008-3648 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44423
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020711
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30636
Exploit x_refsource_misc
http://www.nullcode.com.ar/ncs/crash/nsloo.htm
Scores
EPSS
0.2197
EPSS Percentile
97.4%
Details
VulnCheck KEV
2024-08-07
InTheWild.io
2017-08-08
CWE
CWE-94
Status
published
Products (1)
microsoft/windows_xp
Published
Aug 12, 2008
Tracked Since
Feb 18, 2026