CVE-2008-4299

CVE Database · CVE-2008-4299

CVE-2008-4299

· N/AModified

CVSS v3.1

N/A

EPSS

15.86%

Published

Sep 29, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Weaknesses (CWE)

CWE-189

Affected Products (1)

microsoft · internet_authentication_service_helper_com_componentvulnerable

References (6)

http://securityreason.com/securityalert/4323

http://www.securityfocus.com/archive/1/496695/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/45556

http://securityreason.com/securityalert/4323

http://www.securityfocus.com/archive/1/496695/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/45556

KEV Catalog EPSS Scores Vendors All CVEs