CVE-2008-4037 : Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 20

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

Published 2008-11-12 23:30:03

Updated 2023-12-07 18:38:57

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute codeBypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2008-4037

Probability of exploitation activity in the next 30 days: 11.59%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2008-4037

MS08-068 Microsoft Windows SMB Relay Code Execution

Disclosure Date: 2001-03-31

First seen: 2020-04-26

exploit/windows/smb/smb_relay

This module will relay SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbi

More information

CVSS scores for CVE-2008-4037

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4037

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4037

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012

404 Not Found
http://securitytracker.com/id?1021163

GoDaddy Domain Name Search
http://www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/

Application Security Research, News, & Education Blog | Veracode | Veracode
http://www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html

Page not found | Network World
http://www.securityfocus.com/bid/7385

Exploit;Patch
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README

Exploit
http://www.vupen.com/english/advisories/2008/3110

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Vendor Advisory
http://marc.info/?l=bugtraq&m=122703006921213&w=2

'[security bulletin] HPSBST02386 SSRT080164 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA08-316A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://www.xfocus.net/articles/200305/smbrelay.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068

Microsoft Security Bulletin MS08-068 - Important | Microsoft Learn
http://secunia.com/advisories/32633

About Secunia Research | Flexera
Vendor Advisory
http://osvdb.org/49736
https://www.exploit-db.com/exploits/7125

Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068) - Windows remote Exploit
http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch

Exploit

Products affected by CVE-2008-4037

Microsoft » Windows 2000 » Version: N/A Update SP4
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update SP1
cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update SP1 Itanium Edition
cpe:2.3:o:microsoft:windows:server_2003:sp1:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update SP2
cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: XP Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows:xp:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: XP Update SP2
cpe:2.3:o:microsoft:windows:xp:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: XP Update SP3
cpe:2.3:o:microsoft:windows:xp:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: XP Update Unknown X64 Edition
cpe:2.3:o:microsoft:windows:xp:unknown:x64:*:*:*:*:*
Matching versions
Microsoft » Windows » Version: Server 2003 Update Unknown X64 Edition
cpe:2.3:o:microsoft:windows:server_2003:unknown:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A X64 Edition
cpe:2.3:o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:-:*:x32:*:*:*:*:*
Matching versions