Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-049.
Impact
Remote exploitation allows attackers to execute arbitrary code with system privileges.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx
Insight
Issues are due to the Microsoft Windows Event System does not properly validate the range of indexes when calling an array of function pointers and fails to handle per-user subscription requests.
Affected
Microsoft Windows 2K/XP/2003
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1456, CVE-2008-1457 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- Cumulative Security Update for Internet Explorer (937143)
- Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)