CVE-2008-4038
Microsoft Windows - Remote Code Execution via SMB Filename Length
Title source: llmDescription
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
References (10)
Core 10
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32249
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021049
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31647
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45560
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2814
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45561
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063
Scores
EPSS
0.3917
EPSS Percentile
98.4%
Details
CWE
CWE-119
Status
published
Products (6)
microsoft/windows_2000
microsoft/windows_server_2003
(4 CPE variants)
microsoft/windows_server_2008
(4 CPE variants)
microsoft/windows_vista
(3 CPE variants)
microsoft/windows_vista
sp1
microsoft/windows_xp
(4 CPE variants)
Published
Oct 15, 2008
Tracked Since
Feb 18, 2026