CVE-2008-5405
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 47%
from disclosure to weapon0 days
Published on NVDDec 9
1st PoCDec 3
metasploitNov 30
exploitation probability
47%top 1% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
Affected products
n/a · n/apublic PoCs found — 4
exploitdbwww.exploit-db.com/exploits/16659unverifiedcve_referencewww.exploit-db.com/exploits/7297unverifiedexploitdbwww.exploit-db.com/exploits/7329unverifiedcve_referencewww.exploit-db.com/exploits/7309unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/50342http://oxid.netsons.org/phpBB2/viewtopic.php?t=2750http://secunia.com/advisories/32794http://securityreason.com/securityalert/4703https://exchange.xforce.ibmcloud.com/vulnerabilities/46940https://www.exploit-db.com/exploits/7297https://www.exploit-db.com/exploits/7309http://www.securityfocus.com/bid/32543http://www.vupen.com/english/advisories/2008/3286