LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2008-4250

CVE-2008-4250

Microsoft Windows Buffer Overflow Vulnerability

CVSS 9.8 · CRITICAL ⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2026-05-20. Federal remediation due 2026-06-03.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Summary

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

CVSS 3.1 breakdown

Base score9.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
IntegrityHIGH
AvailabilityHIGH

Weakness type (CWE)

Affected products

Microsoft windows 2000Microsoft windows server 2003Microsoft windows server 2008Microsoft windows vistaMicrosoft windows xp
Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-05-21. Always verify against the vendor advisory before acting.

Scroll to Top