CVE-2008-4800

CVE Database · CVE-2008-4800

CVE-2008-4800

· N/AModified

CVSS v3.1

N/A

EPSS

25.78%

Published

Oct 30, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Weaknesses (CWE)

CWE-399

Affected Products (1)

microsoft · debug_diagnostic_toolvulnerable

References (8)

http://securityreason.com/securityalert/4532

http://www.securityfocus.com/archive/1/497943/100/0/threaded

http://www.securityfocus.com/bid/31996

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/46309

http://securityreason.com/securityalert/4532

http://www.securityfocus.com/archive/1/497943/100/0/threaded

http://www.securityfocus.com/bid/31996

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/46309

KEV Catalog EPSS Scores Vendors All CVEs