Unrated severityNVD Advisory· Published Jun 12, 2008· Updated Apr 23, 2026

CVE-2008-1440

Description

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

Affected products

Microsoft/Windows Server 20032 versions
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/29508nvdBroken LinkPatchThird Party AdvisoryVDB Entry
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036nvdPatchVendor Advisory
secunia.com/advisories/30587nvdBroken LinkPermissions RequiredVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.us-cert.gov/cas/techalerts/TA08-162B.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
www.vupen.com/english/advisories/2008/1783nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.040
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000