Vulnerability Details : CVE-2008-5159
Public exploit exists!
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-5159
Probability of exploitation activity in the next 30 days: 56.95%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-5159
-
WinComLPD Buffer Overflow
Disclosure Date: 2008-02-04First seen: 2020-04-26exploit/windows/lpd/wincomlpd_adminThis module exploits a stack buffer overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2008-5159
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-5159
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5159
-
http://www.securityfocus.com/bid/27614
WinComLPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
- http://aluigi.org/adv/wincomalpd-adv.txt
- http://www.securityfocus.com/archive/1/487507/100/200/threaded
- http://aluigi.org/poc/wincomalpd.zip
- http://securityreason.com/securityalert/4610
- http://www.vupen.com/english/advisories/2008/0410
Products affected by CVE-2008-5159
- cpe:2.3:a:clientsoftware:wincome_mpd_total:*:*:*:*:*:*:*:*