Unrated severityNVD Advisory· Published Oct 15, 2008· Updated Jun 16, 2026
CVE-2008-3466
CVE-2008-3466
Description
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*+ 1 more
- cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*+ 2 more
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*
- cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*
- Range: 2000, 2004, and 2006
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/32233nvdPatchVendor Advisory
- www.securityfocus.com/bid/31620nvdExploitPatch
- www.us-cert.gov/cas/techalerts/TA08-288A.htmlnvdUS Government Resource
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- marc.infonvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/2810nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075nvd
News mentions
0No linked articles in our index yet.