What is GHSA-3v68-r58v-m4c2?

GHSA-3v68-r58v-m4c2 is a security advisory published by GitHub Security Advisories with High severity. The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista...

Which CVE IDs does GHSA-3v68-r58v-m4c2 cover?

GHSA-3v68-r58v-m4c2 covers the following CVE IDs: CVE-2008-4250. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3v68-r58v-m4c2?

GHSA-3v68-r58v-m4c2 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-3v68-r58v-m4c2HighCVSS 9.8

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista...

Vendor

GitHub Security Advisories

Published

May 2, 2022

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2008-4250 →

📋 Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

🔗 References (21)

https://nvd.nist.gov/vuln/detail/CVE-2008-4250
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067
https://exchange.xforce.ibmcloud.com/vulnerabilities/46040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093
https://www.exploit-db.com/exploits/6824
https://www.exploit-db.com/exploits/6841
https://www.exploit-db.com/exploits/7104
https://www.exploit-db.com/exploits/7132
http://blogs.securiteam.com/index.php/archives/1150
http://marc.info/?l=bugtraq&m=122703006921213&w=2
http://secunia.com/advisories/32326
http://www.kb.cert.org/vuls/id/827267
http://www.securityfocus.com/archive/1/497808/100/0/threaded
http://www.securityfocus.com/archive/1/497816/100/0/threaded
http://www.securityfocus.com/bid/31874
http://www.securitytracker.com/id?1021091
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.vupen.com/english/advisories/2008/2902
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-4250
https://github.com/advisories/GHSA-3v68-r58v-m4c2