Cyber Resilience

CVE-2008-4250

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE · Updated

Published: 23 October 2008

Modified: 21 May 2026
KEV Added: 20 May 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9180 (99.7th percentile)
Risk Priority: 95 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2008-4250 is a critical-severity Code Injection (CWE-94) vulnerability in Microsoft Windows Server 2003. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta contains a vulnerability that permits remote code execution. A crafted RPC request can trigger a buffer overflow during path canonicalization. The flaw is classified under CWE-94 and CWE-119, and its CVSS 3.1 score of 9.8 reflects network-accessible impact to confidentiality, integrity, and availability.

Remote unauthenticated attackers can exploit the flaw to run arbitrary code on affected systems. The issue was observed being leveraged in the wild by the Gimmiv.A malware in October 2008.

Advisories and patch information are referenced in sources such as Secunia advisory 32326, CERT VU 827267, and related Microsoft security bulletins linked from the provided URLs.

EU & UK References

Vulnerability details

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

CWE(s)
KEV Date Added: 20 May 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 2000 · all versions
microsoft · windows server 2003 · all versions
microsoft · windows server 2008 · all versions
microsoft · windows vista · all versions
microsoft · windows xp · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patch that eliminates the RPC path-canonicalization buffer overflow in the Server service.

prevent

Boundary-protection rules can block unauthenticated RPC traffic to TCP 445/139 from untrusted networks, preventing remote exploitation of the flaw.

prevent

Enforces access-control decisions on the Server service, limiting which remote principals may invoke the vulnerable RPC interface even if network reachability exists.

References