Exposures › CVE-2008-4250
Microsoft Windows Server Service buffer overflow vulnerability (CVE-2008-4250) enabled remote code execution via crafted RPC requests.
This 2008 vulnerability allowed remote attackers to execute arbitrary code through a crafted RPC request targeting path canonicalization in the Windows Server Service. As a KEV entry actively exploited in the wild, it represents a critical supply-chain risk for DIB organizations relying on Windows infrastructure, requiring immediate patching and network segmentation to prevent unauthorized access.
Shame score — While the vulnerability was actively exploited, it was disclosed and patched relatively quickly compared to some other high-profile failures.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |