VYPR
Critical severity9.8CISA KEVNVD Advisory· Published Oct 23, 2008· Updated Jun 16, 2026

CVE-2008-4250

CVE-2008-4250

Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*
    • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
    • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
    • cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*+ 2 more
    • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*
  • Microsoft/Windows5 versions
    cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*
    • cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
    • (no CPE)range: 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta
  • cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*+ 3 more
    • cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

19

News mentions

4