PT-2008-3012 · Microsoft · Windows Xp+1
Published
2008-06-12
·
Updated
2024-02-13
·
CVE-2008-1440
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 versions SP1 through SP2
Description
The issue arises from improper validation of the option length field in Pragmatic General Multicast (PGM) packets, allowing remote attackers to cause a denial of service. This can result in an infinite loop and system hang via a crafted PGM packet.
Recommendations
For Microsoft Windows XP versions SP2 through SP3, apply the necessary patch to fix the improper validation of the option length field in PGM packets.
For Microsoft Windows Server 2003 versions SP1 through SP2, apply the necessary patch to fix the improper validation of the option length field in PGM packets.
As a temporary workaround, consider restricting access to PGM packets until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows Server 2003
Windows Xp