{"uuid": "57fc0482-b71e-41c5-8138-a0e2fb2f6c99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2008-4250", "type": "seen", "source": "https://infosec.exchange/users/secdb/statuses/116608677530202595", "content": "\ud83d\udea8 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)\nCISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.\n\u26a0\ufe0f CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)- Name: Microsoft Windows Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Windows- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250\n\u26a0\ufe0f CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: DirectX- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537\n\u26a0\ufe0f CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Adobe- Product: Acrobat and Reader- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459\n\u26a0\ufe0f CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)- Name: Microsoft Internet Explorer Use-After-Free Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Internet Explorer- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249\n\u26a0\ufe0f CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)- Name: Microsoft Internet Explorer Use-After-Free Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Internet Explorer- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806\n\u26a0\ufe0f CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)- Name: Microsoft Defender Link Following Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Defender- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091\n\u26a0\ufe0f CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)- Name: Microsoft Defender Denial of Service Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Defender- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498\n#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498", "creation_timestamp": "2026-05-20T21:13:36.365438Z"}