CVE-2008-3648

EXPLOITED IN THE WILD

Microsoft Windows XP - Remote Code Execution via nslookup.exe DNS Zone Transfer

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2008-3648 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44423
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020711
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30636

Scores

EPSS 0.2197
EPSS Percentile 97.4%

Details

VulnCheck KEV 2024-08-07
InTheWild.io 2017-08-08
CWE
CWE-94
Status published
Products (1)
microsoft/windows_xp
Published Aug 12, 2008
Tracked Since Feb 18, 2026