CVE-2008-4250
Published: 23 October 2008
Summary
CVE-2008-4250 is a critical-severity Code Injection (CWE-94) vulnerability in Microsoft Windows Server 2003. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta contains a vulnerability that permits remote code execution. A crafted RPC request can trigger a buffer overflow during path canonicalization. The flaw is classified under CWE-94 and CWE-119 and has a CVSS 3.1 score of 9.8, reflecting network-accessible impact to confidentiality, integrity, and availability.
Remote unauthenticated attackers can exploit the flaw to run arbitrary code on affected systems. The issue was observed being leveraged in the wild by the Gimmiv.A malware in October 2008.
Advisories and patch information are referenced in sources such as Secunia advisory 32326, CERT VU 827267, and related Microsoft security bulletins linked from the provided URLs.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2008-4233
Vulnerability details
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
- CWE(s)
- KEV Date Added: 20 May 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires applying the vendor patch that eliminates the RPC path-canonicalization buffer overflow in the Server service.
Boundary-protection rules can block unauthenticated RPC traffic to TCP 445/139 from untrusted networks, preventing remote exploitation of the flaw.
Enforces access-control decisions on the Server service, limiting which remote principals may invoke the vulnerable RPC interface even if network reachability exists.