CVE-2008-3466

CVE Database · CVE-2008-3466

CVE-2008-3466

· N/AModified

CVSS v3.1

N/A

EPSS

77.74%

Published

Oct 14, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Weaknesses (CWE)

CWE-287

Affected Products (7)

microsoft · host_integration_server_2000vulnerable

microsoft · host_integration_server_2004vulnerable

microsoft · host_integration_server_2006vulnerable

References (18)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://secunia.com/advisories/32233

PatchVendor Advisory

http://www.securityfocus.com/bid/31620