[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2008-4250":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-21T14:01:49.036Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":118,"aliases":205,"duplicate_of":9,"upstream":206,"downstream":207,"duplicates":208,"related":209,"reserved_at":9,"published_at":210,"modified_at":211,"state":212,"summary":213,"references_raw":222,"kevs":320,"epss":331,"epss_history":333,"metrics":527,"affected":536},"CVE-2008-4250","The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka \"Server Service Vulnerability.\"",null,[11,62],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],{"_key":63,"id":63,"name":64,"description":65,"type":15,"status":66,"abstraction":67,"likelihood_of_exploit":68,"capec":69},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","Stable","Class","High",[70,74,78,82,86,90,94,98,102,106,110,114],{"id":71,"name":72,"techniques":73},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":75,"name":76,"techniques":77},"CAPEC-100","Overflow Buffers",[],{"id":79,"name":80,"techniques":81},"CAPEC-123","Buffer Manipulation",[],{"id":83,"name":84,"techniques":85},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":87,"name":88,"techniques":89},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":91,"name":92,"techniques":93},"CAPEC-42","MIME Conversion",[],{"id":95,"name":96,"techniques":97},"CAPEC-44","Overflow Binary Resource File",[],{"id":99,"name":100,"techniques":101},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":103,"name":104,"techniques":105},"CAPEC-46","Overflow Variables and Tags",[],{"id":107,"name":108,"techniques":109},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":111,"name":112,"techniques":113},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":115,"name":116,"techniques":117},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[119,128,144,154,163,171,179,187],{"_key":120,"name":121,"source":122,"url":123,"maturity":124,"reliability_score":125,"verified":126,"type":9,"platforms":127,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_DE08CD1F74FAC323","Exploit Reference (securityfocus.com)","reference","http://www.securityfocus.com/bid/31874","unknown",0.2,false,[],{"_key":129,"name":130,"source":131,"url":132,"maturity":133,"reliability_score":134,"verified":135,"type":136,"platforms":137,"requires_auth":9,"exploitdb":139,"metasploit":9},"6824","Microsoft Windows Server - Code Execution (PoC) (MS08-067)","exploit-database","https://www.exploit-db.com/exploits/6824","poc",0.8,true,"dos",[138],"windows",{"verified":135,"type":136,"platform":138,"file":140,"codes":141},"exploits/windows/dos/6824.txt",[142,7,143],"OSVDB-49243","MS08-067",{"_key":145,"name":146,"source":131,"url":147,"maturity":133,"reliability_score":148,"verified":126,"type":149,"platforms":150,"requires_auth":9,"exploitdb":151,"metasploit":9},"40279","Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)","https://www.exploit-db.com/exploits/40279",0.5,"remote",[138],{"verified":126,"type":149,"platform":138,"file":152,"codes":153},"exploits/windows/remote/40279.py",[7,143],{"_key":155,"name":156,"source":131,"url":157,"maturity":158,"reliability_score":134,"verified":135,"type":149,"platforms":159,"requires_auth":9,"exploitdb":160,"metasploit":9},"7104","Microsoft Windows Server - Code Execution (MS08-067)","https://www.exploit-db.com/exploits/7104","weaponized",[138],{"verified":135,"type":149,"platform":138,"file":161,"codes":162},"exploits/windows/remote/7104.c",[142,7,143],{"_key":164,"name":165,"source":131,"url":166,"maturity":158,"reliability_score":134,"verified":135,"type":149,"platforms":167,"requires_auth":9,"exploitdb":168,"metasploit":9},"16362","Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)","https://www.exploit-db.com/exploits/16362",[138],{"verified":135,"type":149,"platform":138,"file":169,"codes":170},"exploits/windows/remote/16362.rb",[7,142,143],{"_key":172,"name":173,"source":131,"url":174,"maturity":158,"reliability_score":134,"verified":135,"type":149,"platforms":175,"requires_auth":9,"exploitdb":176,"metasploit":9},"6841","Microsoft Windows Server - Universal Code Execution (MS08-067)","https://www.exploit-db.com/exploits/6841",[138],{"verified":135,"type":149,"platform":138,"file":177,"codes":178},"exploits/windows/remote/6841.txt",[7,143],{"_key":180,"name":181,"source":131,"url":182,"maturity":158,"reliability_score":134,"verified":135,"type":149,"platforms":183,"requires_auth":9,"exploitdb":184,"metasploit":9},"7132","Microsoft Windows Server 2000/2003 - Code Execution (MS08-067)","https://www.exploit-db.com/exploits/7132",[138],{"verified":135,"type":149,"platform":138,"file":185,"codes":186},"exploits/windows/remote/7132.py",[142,7,143],{"_key":188,"name":189,"source":190,"url":191,"maturity":158,"reliability_score":192,"verified":135,"type":149,"platforms":193,"requires_auth":126,"exploitdb":9,"metasploit":194},"MSF_EXPLOIT_WINDOWS_SMB_MS08_067_NETAPI","MS08-067 Microsoft Server Service Relative Path Stack Corruption","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/windows/smb/ms08_067_netapi.rb",0.8333333333333334,[],{"fullname":195,"rank":196,"rank_name":197,"post_auth":126,"check":135,"notes":198},"exploit/windows/smb/ms08_067_netapi",500,"great",{"Stability":199,"SideEffects":201,"Reliability":203},[200],"unknown-stability",[202],"unknown-side-effects",[204],"unknown-reliability",[],[],[],[],[],"2008-10-23T21:00:00.000Z","2026-05-21T03:55:20.953Z","Analyzed",{"cisa_kev":135,"cisa_ransomware":126,"cisa_vendor":214,"epss_severity":215,"epss_score":216,"severity":217,"severity_score":218,"severity_version":219,"severity_source":220,"severity_vector":221,"severity_status":212},"Microsoft","critical",0.93482,"high",10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[223,233,239,245,252,257,260,264,269,275,278,283,288,293,298,301,305,311,315],{"url":224,"sources":225,"tags":227},"http://marc.info/?l=bugtraq&m=122703006921213&w=2",[226,220],"cve.org",[228,229,230,231,232],"Vendor Advisory","X Refsource HP","Issue Tracking","Mailing List","Third Party Advisory",{"url":234,"sources":235,"tags":236},"http://secunia.com/advisories/32326",[226,220],[232,237,238,228],"X Refsource SECUNIA","Patch",{"url":240,"sources":241,"tags":242},"http://www.kb.cert.org/vuls/id/827267",[226,220],[232,243,244],"X Refsource CERT VN","US Government Resource",{"url":246,"sources":247,"tags":248},"http://www.securitytracker.com/id?1021091",[226,220],[249,250,232,251],"VDB Entry","X Refsource SECTRACK","Broken Link",{"url":182,"sources":253,"tags":254},[226,220],[255,256,232,249],"Exploit","X Refsource EXPLOIT DB",{"url":174,"sources":258,"tags":259},[226,220],[255,256,232,249],{"url":123,"sources":261,"tags":262},[226,220],[249,263,255,238,232,251],"X Refsource BID",{"url":265,"sources":266,"tags":267},"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067",[226,220],[228,268,238],"X Refsource MS",{"url":270,"sources":271,"tags":272},"http://blogs.securiteam.com/index.php/archives/1150",[226,220],[273,274],"X Refsource MISC","Permissions Required",{"url":132,"sources":276,"tags":277},[226,220],[255,256,232,249],{"url":279,"sources":280,"tags":281},"http://www.vupen.com/english/advisories/2008/2902",[226,220],[249,282,228],"X Refsource VUPEN",{"url":284,"sources":285,"tags":286},"https://exchange.xforce.ibmcloud.com/vulnerabilities/46040",[226,220],[249,287,232],"X Refsource XF",{"url":289,"sources":290,"tags":291},"http://www.securityfocus.com/archive/1/497808/100/0/threaded",[226,220],[231,292,232,249,251],"X Refsource BUGTRAQ",{"url":294,"sources":295,"tags":296},"http://www.us-cert.gov/cas/techalerts/TA08-297A.html",[226,220],[232,297,244,251],"X Refsource CERT",{"url":157,"sources":299,"tags":300},[226,220],[255,256,232,249],{"url":302,"sources":303,"tags":304},"http://www.us-cert.gov/cas/techalerts/TA09-088A.html",[226,220],[232,297,244],{"url":306,"sources":307,"tags":308},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093",[226,220],[249,309,310,232,251],"Signature","X Refsource OVAL",{"url":312,"sources":313,"tags":314},"http://www.securityfocus.com/archive/1/497816/100/0/threaded",[226,220],[231,292,232,249,251],{"url":316,"sources":317,"tags":318},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-4250",[226,220],[319,244],"Government Resource",[321],{"source":322,"vendor":214,"product":323,"date_added":324,"vulnerability_name":325,"short_description":326,"required_action":327,"due_date":328,"known_ransomware_campaign_use":329,"notes":330,"exploitation_type":9},"cisa","Windows","2026-05-20","Microsoft Windows Buffer Overflow Vulnerability","Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-06-03","Unknown","https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250",{"date":324,"score":216,"percentile":332},0.99828,[334,338,340,343,345,347,349,351,353,355,357,359,361,363,365,368,370,372,374,376,378,381,383,385,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,485,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,522,524],{"date":335,"score":336,"percentile":337},"2025-11-04",0.94038,0.9989,{"date":339,"score":336,"percentile":337},"2025-11-05",{"date":341,"score":336,"percentile":342},"2025-11-06",0.99891,{"date":344,"score":336,"percentile":337},"2025-11-07",{"date":346,"score":336,"percentile":337},"2025-11-08",{"date":348,"score":336,"percentile":337},"2025-11-09",{"date":350,"score":336,"percentile":342},"2025-11-10",{"date":352,"score":336,"percentile":342},"2025-11-11",{"date":354,"score":336,"percentile":342},"2025-11-12",{"date":356,"score":336,"percentile":342},"2025-11-13",{"date":358,"score":336,"percentile":342},"2025-11-14",{"date":360,"score":336,"percentile":342},"2025-11-15",{"date":362,"score":336,"percentile":342},"2025-11-16",{"date":364,"score":336,"percentile":342},"2025-11-17",{"date":366,"score":336,"percentile":367},"2025-11-18",0.99934,{"date":369,"score":336,"percentile":367},"2025-11-19",{"date":371,"score":336,"percentile":367},"2025-11-20",{"date":373,"score":336,"percentile":337},"2025-11-21",{"date":375,"score":336,"percentile":337},"2025-11-22",{"date":377,"score":336,"percentile":342},"2025-11-23",{"date":379,"score":336,"percentile":380},"2025-11-24",0.99889,{"date":382,"score":336,"percentile":380},"2025-11-25",{"date":384,"score":336,"percentile":380},"2025-11-26",{"date":386,"score":336,"percentile":387},"2025-11-27",0.99888,{"date":389,"score":336,"percentile":387},"2025-11-28",{"date":391,"score":336,"percentile":387},"2025-11-29",{"date":393,"score":336,"percentile":387},"2025-11-30",{"date":395,"score":336,"percentile":337},"2025-12-01",{"date":397,"score":336,"percentile":337},"2025-12-02",{"date":399,"score":336,"percentile":337},"2025-12-03",{"date":401,"score":336,"percentile":387},"2025-12-04",{"date":403,"score":336,"percentile":387},"2025-12-05",{"date":405,"score":336,"percentile":387},"2025-12-06",{"date":407,"score":336,"percentile":387},"2025-12-07",{"date":409,"score":336,"percentile":387},"2025-12-08",{"date":411,"score":336,"percentile":380},"2025-12-09",{"date":413,"score":336,"percentile":387},"2025-12-10",{"date":415,"score":336,"percentile":380},"2025-12-11",{"date":417,"score":336,"percentile":380},"2025-12-12",{"date":419,"score":336,"percentile":387},"2025-12-13",{"date":421,"score":336,"percentile":387},"2025-12-14",{"date":423,"score":336,"percentile":380},"2025-12-15",{"date":425,"score":336,"percentile":380},"2025-12-16",{"date":427,"score":336,"percentile":380},"2025-12-17",{"date":429,"score":336,"percentile":337},"2025-12-18",{"date":431,"score":336,"percentile":380},"2025-12-19",{"date":433,"score":336,"percentile":337},"2025-12-20",{"date":435,"score":336,"percentile":337},"2025-12-21",{"date":437,"score":336,"percentile":337},"2025-12-22",{"date":439,"score":336,"percentile":337},"2025-12-23",{"date":441,"score":336,"percentile":337},"2025-12-24",{"date":443,"score":336,"percentile":342},"2025-12-25",{"date":445,"score":336,"percentile":337},"2025-12-26",{"date":447,"score":448,"percentile":449},"2025-12-27",0.94126,0.99907,{"date":451,"score":336,"percentile":337},"2025-12-28",{"date":453,"score":336,"percentile":342},"2025-12-29",{"date":455,"score":336,"percentile":337},"2025-12-30",{"date":457,"score":336,"percentile":337},"2025-12-31",{"date":459,"score":336,"percentile":342},"2026-01-01",{"date":461,"score":336,"percentile":342},"2026-01-02",{"date":463,"score":336,"percentile":342},"2026-01-03",{"date":465,"score":336,"percentile":337},"2026-01-04",{"date":467,"score":336,"percentile":337},"2026-01-05",{"date":469,"score":336,"percentile":337},"2026-01-06",{"date":471,"score":336,"percentile":337},"2026-01-07",{"date":473,"score":336,"percentile":337},"2026-01-08",{"date":475,"score":336,"percentile":337},"2026-01-09",{"date":477,"score":336,"percentile":342},"2026-01-10",{"date":479,"score":336,"percentile":342},"2026-01-11",{"date":481,"score":336,"percentile":342},"2026-01-12",{"date":483,"score":336,"percentile":484},"2026-01-13",0.99892,{"date":486,"score":336,"percentile":487},"2026-01-14",0.99893,{"date":489,"score":336,"percentile":484},"2026-01-15",{"date":491,"score":336,"percentile":484},"2026-01-16",{"date":493,"score":336,"percentile":484},"2026-01-17",{"date":495,"score":336,"percentile":337},"2026-01-18",{"date":497,"score":336,"percentile":342},"2026-01-19",{"date":499,"score":336,"percentile":342},"2026-01-20",{"date":501,"score":336,"percentile":484},"2026-01-21",{"date":503,"score":336,"percentile":484},"2026-01-22",{"date":505,"score":336,"percentile":484},"2026-01-23",{"date":507,"score":336,"percentile":484},"2026-01-24",{"date":509,"score":336,"percentile":484},"2026-01-25",{"date":511,"score":336,"percentile":487},"2026-01-26",{"date":513,"score":336,"percentile":487},"2026-01-27",{"date":515,"score":336,"percentile":487},"2026-01-28",{"date":517,"score":336,"percentile":487},"2026-01-29",{"date":519,"score":520,"percentile":521},"2026-01-30",0.93978,0.99882,{"date":523,"score":520,"percentile":521},"2026-01-31",{"date":525,"score":520,"percentile":526},"2026-02-01",0.99885,[528,534],{"source":220,"cvss_v2_0":529,"cvss_v3_0":9,"cvss_v3_1":530,"cvss_v4_0":9},{"baseScore":218,"baseSeverity":9,"vectorString":221,"impactScore":218,"exploitabilityScore":218},{"baseScore":531,"baseSeverity":532,"vectorString":533,"impactScore":531,"exploitabilityScore":218},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"source":226,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":535,"cvss_v4_0":9},{"baseScore":531,"baseSeverity":532,"vectorString":533,"impactScore":531,"exploitabilityScore":218},[537,546,551,556,561],{"ecosystem":9,"name":538,"vendor":539,"product":540,"cpe_part":541,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":542},"windows 2000","microsoft","windows_2000","o",[543],{"version":544,"is_range":126,"range_type":545,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe",{"ecosystem":9,"name":547,"vendor":539,"product":548,"cpe_part":541,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":549},"windows server 2003","windows_server_2003",[550],{"version":544,"is_range":126,"range_type":545,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":552,"vendor":539,"product":553,"cpe_part":541,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":554},"windows server 2008","windows_server_2008",[555],{"version":544,"is_range":126,"range_type":545,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":557,"vendor":539,"product":558,"cpe_part":541,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":559},"windows vista","windows_vista",[560],{"version":544,"is_range":126,"range_type":545,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":562,"vendor":539,"product":563,"cpe_part":541,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":564},"windows xp","windows_xp",[565],{"version":544,"is_range":126,"range_type":545,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]