Vulnerabilities In Event System Could Allow Remote Code Execution (950974) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-049.

Impact

Remote exploitation allows attackers to execute arbitrary code with system privileges. Impact Level : System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx

Insight

Issues are due to the Microsoft Windows Event System does not properly validate the range of indexes when calling an array of function pointers and fails to handle per-user subscription requests.

Affected

Microsoft Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-1456, CVE-2008-1457

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Cumulative Security Update for Internet Explorer (937143)
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)

Vulnerabilities in Event System Could Allow Remote Code Execution (950974)

Take action and discover your vulnerabilities