CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

Published: Jun 12, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1440
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-20
CWE-1284

Affected Software
References

Software	From	Fixed in
microsoft / windows_xp	-	-
microsoft / windows_server_2003	-	-
microsoft / windows_server_2003	--sp2	--sp2.x

http://secunia.com/advisories/30587
http://securitytracker.com/id?1020230
http://www.securityfocus.com/bid/29508
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
http://www.vupen.com/english/advisories/2008/1783
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473

Vulnerability Database

289,599

CVE-2008-1440