Remote code execution in Microsoft Windows Internet Printing Service

Published: 2008-05-02 | Updated: 2017-02-28
Severity: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2008-1446
CWE ID: CWE-190
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: Windows Server, Windows
Vendor: Microsoft

Security Advisory

This security advisory describes one high-risk vulnerability.

1) Integer overflow

Severity: High

CVSSv3: 9.2 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2008-1446

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to an integer overflow in the Windows Internet Printing Protocol (IPP) implementation. By sending a specially crafted HTTP POST request, a remote authenticated attacker can cause memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install the update from the vendor's website:

Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=8163d1f6-feb5-4f39-8134-3ed42326b822
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8-4e14-95a3-3eeaec55b784
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3ae4b913-bff0-4974-b198-828ca10d2a87
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c-48c8-9348-0d6fda48aa21
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568-449d-ac97-fbf3f97b98ef
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=748f54f1-40b9-407c-9819-909061b53743
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=3d6290d8-1745-4bc0-9ca9-eeb1ad0be4a5
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=a33c833c-d5c5-4e37-8f89-7b9079f92e59

Vulnerable software versions

Windows Server: 2003, 2008

Windows: 2000, XP

External links

https://technet.microsoft.com/en-us/library/security/ms08-062.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.