Unrated severityNVD Advisory· Published Oct 15, 2008· Updated Apr 23, 2026
CVE-2008-3466
CVE-2008-3466
Description
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Affected products
7cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*+ 1 more
- cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*+ 2 more
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/32233nvdPatchVendor Advisory
- www.securityfocus.com/bid/31620nvdExploitPatch
- www.us-cert.gov/cas/techalerts/TA08-288A.htmlnvdUS Government Resource
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- marc.infonvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/2810nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075nvd
News mentions
0No linked articles in our index yet.