VYPR
Unrated severityNVD Advisory· Published Oct 15, 2008· Updated Jun 16, 2026

CVE-2008-3466

CVE-2008-3466

Description

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*
    • cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*
  • cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*
    • cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*
    • cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*
  • cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*+ 1 more
    • cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*
    • cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*
  • Range: 2000, 2004, and 2006

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.