cvelistv5 - cve-2008-0082

CVE-2008-0082 (GCVE-0-2008-0082)

Vulnerability from cvelistv5 – Published: 2008-08-13 00:00 – Updated: 2024-08-07 07:32

Summary

An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2008/2354	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA08-225A.html	third-party-advisoryx_refsource_CERT
	http://marc.info/?l=bugtraq&m=121915960406986&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=121915960406986&w=2	vendor-advisoryx_refsource_HP
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/30551	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/495467/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/31446	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1020681	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5995",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
          },
          {
            "name": "ADV-2008-2354",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2354"
          },
          {
            "name": "TA08-225A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
          },
          {
            "name": "HPSBST02360",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "name": "SSRT080117",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "name": "MS08-050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
          },
          {
            "name": "30551",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30551"
          },
          {
            "name": "20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
          },
          {
            "name": "31446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31446"
          },
          {
            "name": "1020681",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020681"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5995",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
        },
        {
          "name": "ADV-2008-2354",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2354"
        },
        {
          "name": "TA08-225A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
        },
        {
          "name": "HPSBST02360",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
        },
        {
          "name": "SSRT080117",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
        },
        {
          "name": "MS08-050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
        },
        {
          "name": "30551",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30551"
        },
        {
          "name": "20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
        },
        {
          "name": "31446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31446"
        },
        {
          "name": "1020681",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020681"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0082",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5995",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
            },
            {
              "name": "ADV-2008-2354",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2354"
            },
            {
              "name": "TA08-225A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "HPSBST02360",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "SSRT080117",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "MS08-050",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
            },
            {
              "name": "30551",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30551"
            },
            {
              "name": "20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
            },
            {
              "name": "31446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31446"
            },
            {
              "name": "1020681",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020681"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-0082",
    "datePublished": "2008-08-13T00:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_messenger:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83CFC566-F4BA-4E71-BA29-78B1370A5E52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_messenger:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD30E402-8BB9-4A7C-8011-16F8C6165719\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \\\"change state,\\\" obtain contact information, and establish audio or video connections without notification via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Un control ActiveX (Messenger.UIAutomation.1) en Windows Messenger versiones 4.7 y 5.1, es marcado como seguro para scripting, lo que permite a los atacantes remotos controlar la aplicaci\\u00f3n Messenger y \\\"change state\\\", obtener informaci\\u00f3n de contacto, y establecer conexiones de audio o v\\u00eddeo sin notificaci\\u00f3n por medio de vectores desconocidos.\"}]",
      "id": "CVE-2008-0082",
      "lastModified": "2024-11-21T00:41:07.647",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-08-13T00:41:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/31446\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/495467/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/30551\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1020681\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-225A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2354\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31446\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/495467/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/30551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-225A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2354\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0082\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-08-13T00:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \\\"change state,\\\" obtain contact information, and establish audio or video connections without notification via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Un control ActiveX (Messenger.UIAutomation.1) en Windows Messenger versiones 4.7 y 5.1, es marcado como seguro para scripting, lo que permite a los atacantes remotos controlar la aplicaci\u00f3n Messenger y \\\"change state\\\", obtener informaci\u00f3n de contacto, y establecer conexiones de audio o v\u00eddeo sin notificaci\u00f3n por medio de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_messenger:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83CFC566-F4BA-4E71-BA29-78B1370A5E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_messenger:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD30E402-8BB9-4A7C-8011-16F8C6165719\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/31446\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495467/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/30551\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1020681\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-225A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2354\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495467/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-225A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permet de manipuler Windows Messenger à l'insu de l'utilisateur connecté.

Description

Une vulnérabilité permet de contrôler Windows Messenger en utilisant des scripts pour manipuler un contrôle ActiveX et cela à l'insu de l'utilisateur connecté. Un attaquant peut, entre autres, en modifier l'état, démarrer la vidéo ou obtenir l'identifiant de l'utilisateur afin d'ouvrir une session à distance sur le client de messagerie à la place de l'utilisateur.

Solution

Se référer au bulletin de sécurité Microsoft MS08-050 de 12 août 2008 pour l'obtention des correctifs (cf. section Documentation).

Windows Messenger 5.1 sur Windows 2000 SP4 et les versions 4.7 et 5.1 sur les systèmes suivants :

Windows XP SP2 et SP3 ;
Windows XP pro x64 et x64 SP2 ;
Windows Server 2003 SP1 et SP2 (modéré) ;
Windows Server 2003 x64 et x64 SP2 (modéré) ;
Windows Server 2003 pour Itanium, SP1 et SP2 (modéré).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-050 du 12 août 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eWindows Messenger 5.1 sur Windows 2000  SP4 et les versions 4.7 et 5.1 sur les syst\u00e8mes suivants :  \u003cUL\u003e    \u003cLI\u003eWindows XP SP2 et SP3 ;\u003c/LI\u003e    \u003cLI\u003eWindows XP pro x64 et x64 SP2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 SP1 et SP2 (mod\u00e9r\u00e9) ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 et x64 SP2 (mod\u00e9r\u00e9) ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 pour Itanium, SP1 et SP2 (mod\u00e9r\u00e9).\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 permet de contr\u00f4ler Windows Messenger en utilisant des\nscripts pour manipuler un contr\u00f4le ActiveX et cela \u00e0 l\u0027insu de\nl\u0027utilisateur connect\u00e9. Un attaquant peut, entre autres, en modifier\nl\u0027\u00e9tat, d\u00e9marrer la vid\u00e9o ou obtenir l\u0027identifiant de l\u0027utilisateur afin\nd\u0027ouvrir une session \u00e0 distance sur le client de messagerie \u00e0 la place\nde l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS08-050 de 12 ao\u00fbt 2008\npour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0082"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-410",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permet de manipuler Windows Messenger \u00e0 l\u0027insu de\nl\u0027utilisateur connect\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Messenger",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-050 du 12 ao\u00fbt 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx"
    }
  ]
}

CERTA-2008-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permet de manipuler Windows Messenger à l'insu de l'utilisateur connecté.

Description

Solution

Se référer au bulletin de sécurité Microsoft MS08-050 de 12 août 2008 pour l'obtention des correctifs (cf. section Documentation).

Windows Messenger 5.1 sur Windows 2000 SP4 et les versions 4.7 et 5.1 sur les systèmes suivants :

Windows XP SP2 et SP3 ;
Windows XP pro x64 et x64 SP2 ;
Windows Server 2003 SP1 et SP2 (modéré) ;
Windows Server 2003 x64 et x64 SP2 (modéré) ;
Windows Server 2003 pour Itanium, SP1 et SP2 (modéré).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-050 du 12 août 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eWindows Messenger 5.1 sur Windows 2000  SP4 et les versions 4.7 et 5.1 sur les syst\u00e8mes suivants :  \u003cUL\u003e    \u003cLI\u003eWindows XP SP2 et SP3 ;\u003c/LI\u003e    \u003cLI\u003eWindows XP pro x64 et x64 SP2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 SP1 et SP2 (mod\u00e9r\u00e9) ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 et x64 SP2 (mod\u00e9r\u00e9) ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 pour Itanium, SP1 et SP2 (mod\u00e9r\u00e9).\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 permet de contr\u00f4ler Windows Messenger en utilisant des\nscripts pour manipuler un contr\u00f4le ActiveX et cela \u00e0 l\u0027insu de\nl\u0027utilisateur connect\u00e9. Un attaquant peut, entre autres, en modifier\nl\u0027\u00e9tat, d\u00e9marrer la vid\u00e9o ou obtenir l\u0027identifiant de l\u0027utilisateur afin\nd\u0027ouvrir une session \u00e0 distance sur le client de messagerie \u00e0 la place\nde l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS08-050 de 12 ao\u00fbt 2008\npour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0082"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-410",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permet de manipuler Windows Messenger \u00e0 l\u0027insu de\nl\u0027utilisateur connect\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Messenger",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-050 du 12 ao\u00fbt 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx"
    }
  ]
}

GHSA-9W65-PX9W-6J3C

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-13T00:41:00Z",
    "severity": "HIGH"
  },
  "details": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors.",
  "id": "GHSA-9w65-px9w-6j3c",
  "modified": "2022-05-01T23:27:33Z",
  "published": "2022-05-01T23:27:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0082"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31446"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30551"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020681"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0082

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0082

Aliases

CVE-2008-0082

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0082",
    "description": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors.",
    "id": "GSD-2008-0082"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0082"
      ],
      "details": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors.",
      "id": "GSD-2008-0082",
      "modified": "2023-12-13T01:22:58.541162Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-0082",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:5995",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
          },
          {
            "name": "ADV-2008-2354",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2354"
          },
          {
            "name": "TA08-225A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
          },
          {
            "name": "HPSBST02360",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "name": "SSRT080117",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "name": "MS08-050",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
          },
          {
            "name": "30551",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30551"
          },
          {
            "name": "20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
          },
          {
            "name": "31446",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31446"
          },
          {
            "name": "1020681",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020681"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:windows_messenger:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:windows_messenger:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0082"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30551",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30551"
            },
            {
              "name": "1020681",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020681"
            },
            {
              "name": "31446",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31446"
            },
            {
              "name": "HPSBST02360",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "TA08-225A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "ADV-2008-2354",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2354"
            },
            {
              "name": "oval:org.mitre.oval:def:5995",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
            },
            {
              "name": "MS08-050",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
            },
            {
              "name": "20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:57Z",
      "publishedDate": "2008-08-13T00:41Z"
    }
  }
}

FKIE_CVE-2008-0082

Vulnerability from fkie_nvd - Published: 2008-08-13 00:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://marc.info/?l=bugtraq&m=121915960406986&w=2
secure@microsoft.com	http://secunia.com/advisories/31446	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/495467/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/30551
secure@microsoft.com	http://www.securitytracker.com/id?1020681
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-225A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/2354
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=121915960406986&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31446	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495467/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30551
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020681
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-225A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2354
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995

Impacted products

	Vendor	Product	Version
	microsoft	windows_messenger	4.7
	microsoft	windows_messenger	5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_messenger:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CFC566-F4BA-4E71-BA29-78B1370A5E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:windows_messenger:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD30E402-8BB9-4A7C-8011-16F8C6165719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and \"change state,\" obtain contact information, and establish audio or video connections without notification via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Un control ActiveX (Messenger.UIAutomation.1) en Windows Messenger versiones 4.7 y 5.1, es marcado como seguro para scripting, lo que permite a los atacantes remotos controlar la aplicaci\u00f3n Messenger y \"change state\", obtener informaci\u00f3n de contacto, y establecer conexiones de audio o v\u00eddeo sin notificaci\u00f3n por medio de vectores desconocidos."
    }
  ],
  "id": "CVE-2008-0082",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-13T00:41:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31446"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/30551"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1020681"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/2354"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495467/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0082 (GCVE-0-2008-0082)

CERTA-2008-AVI-410

Description

Solution

CERTA-2008-AVI-410

Description

Solution

GHSA-9W65-PX9W-6J3C

GSD-2008-0082

FKIE_CVE-2008-0082

Tags

Sightings

Nomenclature