{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87505?format=json","vulnerability_id":"VCID-ewd1-t9dy-buff","summary":"SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified \"fields inside the SMB packets\" in an NT Trans2 request, related to \"insufficiently validating the buffer size,\" aka \"SMB Validation Remote Code Execution Vulnerability.\"","aliases":[{"alias":"CVE-2008-4835"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"http://www.vupen.com/english/advisories/2009/0116","reference_id":"0116","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.vupen.com/english/advisories/2009/0116"},{"reference_url":"http://www.securityfocus.com/bid/33122","reference_id":"33122","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.securityfocus.com/bid/33122"},{"reference_url":"http://www.securitytracker.com/id?1021560","reference_id":"id?1021560","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.securitytracker.com/id?1021560"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001","reference_id":"ms09-001","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A5248","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA09-013A.html","reference_id":"TA09-013A.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA09-013A.html"},{"reference_url":"http://www.securityfocus.com/archive/1/500013/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.securityfocus.com/archive/1/500013/100/0/threaded"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-09-002/","reference_id":"ZDI-09-002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T14:26:14Z/"}],"url":"http://www.zerodayinitiative.com/advisories/ZDI-09-002/"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewd1-t9dy-buff"}