CVE-2008-4037

Microsoft Windows <2008 - RCE

Description

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

Exploits (4)

metasploit WORKING POC EXCELLENT
by hdm, juan vazquez, agalway-r7, alanfoster, Spencer McIntyre · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_relay.rb
exploitdb WORKING POC VERIFIED
by Haamed Gheibi · text · remote · windows
https://www.exploit-db.com/exploits/20
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16360
exploitdb WORKING POC VERIFIED
by Andres Tarasco · text · remote · windows
https://www.exploit-db.com/exploits/7125

Scores

EPSS 0.7553
EPSS Percentile 98.9%

Classification

CWE
CWE-287
Status draft

Affected Products (17)

microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows
microsoft/windows_2000
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_vista
... and 2 more

Timeline

Published Nov 12, 2008
Tracked Since Feb 18, 2026