CVE-2008-4037
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-4037
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 当用户连接到攻击者的SMB服务器时,Microsoft服务器消息块(SMB)协议处理NTLM凭据的方式存在远程代码执行漏洞,允许攻击者重放用户凭据,并在登录用户的下文中执行代码。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据,或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-4037
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-4037
Please Login to view more intelligence information
- http://www.xfocus.net/articles/200305/smbrelay.htmlx_refsource_MISC
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068vendor-advisoryx_refsource_MS
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2008-4037
Same Patch Batch · n/a · 2008-11-12 · 11 CVEs total
| CVE-2008-4029 | Microsoft XML Core Services DTD跨域信息泄露漏洞 | |
| CVE-2008-4033 | Microsoft XML Core Services传输编码跨域信息泄露漏洞 | |
| CVE-2008-5043 | IBM Tivoli Netcool Service Quality Manager Web接口多个跨站脚本漏洞 | |
| CVE-2008-5044 | Microsoft Windows UnhookWindowsHookEx 'win32k.sys' 本地拒绝服务漏洞 | |
| CVE-2008-5041 | Sweex RO002路由器默认帐号口令漏洞 | |
| CVE-2008-5042 | Zeeways PhotoVideoTube 'home.php' 身份认证绕过漏洞 | |
| CVE-2008-5037 | Elkagroup Image Gallery 'view.php' SQL注入漏洞 | |
| CVE-2008-5038 | Novell eDirectory NCP Get扩展信息请求远程堆内存破坏漏洞 | |
| CVE-2008-5039 | PHP-Nuke League模块跨站脚本攻击漏洞 | |
| CVE-2008-5040 | Graphiks MyForum 'myforum_login和myforum_pass' 身份认证绕过漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2008-4037
No comments yet