Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-049.
Impact
Remote exploitation allows attackers to execute arbitrary code with system privileges.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx
Insight
Issues are due to the Microsoft Windows Event System does not properly validate the range of indexes when calling an array of function pointers and fails to handle per-user subscription requests.
Affected
Microsoft Windows 2K/XP/2003
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1456, CVE-2008-1457 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft DirectAccess Security Advisory (2862152)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Cumulative Security Update for Internet Explorer (961260)
- Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)