CVE-2008-4032

high Microsoft
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
59.4%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: December 10, 2008 (6364 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

CWE

CWE-287

Affected Products

microsoft office sharepoint servermicrosoft search server

References

🔗 secunia.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 www.vupen.com 🔗 docs.microsoft.com