CVE-2008-3648: Remote Code Execution Exploit with Windows XP nslookup.exe

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3648

Overview

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base score: 9.3 (High) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 8.6
Access Vector: Network exploitable , Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information , Allows unauthorized modification , Allows disruption of service

Posted: Aug 19 2008, 09:49 AM by aberges | with no comments

Filed under: Security, Vulnerability, Microsoft

Comments

No Comments

Andrew Berges

Recent Posts

Tags

News

Navigation

Archives

CVE-2008-3648: Remote Code Execution Exploit with Windows XP nslookup.exe

Comments