Executive Summary

Title Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Name MS08-001 First vendor Publication 2008-01-08
Vendor Microsoft Last vendor Modification 2008-01-08
Severity (Vendor) Critical Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5271
Oval ID: oval:org.mitre.oval:def:5271
Title: Windows Kernel TCP/IP/ICMP Vulnerability
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2007-0066
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5370
Oval ID: oval:org.mitre.oval:def:5370
Title: Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability
Description: Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2007-0069
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Definition Synopsis:

CPE : Common Platform Enumeration

Application 1
Application 1
Os 1
Os 4
Os 2
Os 1
Os 3

OpenVAS Exploits

Date Description
2011-01-13 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
File : nvt/gb_ms08-001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
40070 Microsoft Windows TCP/IP IGMPv3 / MLDv2 Packet Handling Remote Code Execution

A buffer overflow exists in Windows. The TCP/IP implementation fails to validate IGMPv3 and MLDv2 packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbtrary code execution resulting in a loss of integrity.
40069 Microsoft Windows TCP/IP ICMP RDP Packet Handling Remote DoS

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when handling fragmented router advertisement ICMP queries, and will result in loss of availability for the platform.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt
RuleID : 13288 - Revision : 15 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows remote kernel tcp/ip igmp vulnerability exploit attempt
RuleID : 13287 - Revision : 13 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2008-01-08 Name : It is possible to execute code on the remote host.
File : smb_nt_ms08-001.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 11:45:50
  • Multiple Updates
2014-01-19 21:30:09
  • Multiple Updates
2013-05-11 00:49:17
  • Multiple Updates