Microsoft Windows Server 2008
Moderate fix2 remedies
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*, +2 more
Moderate fix2 remedies
Microsoft Windows Telephony Service Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the Windows Telephony Service. This vulnerability allows an attacker to execute arbitrary code on the affected system. It arises from a heap-based buffer overflow, where malicious data sent from a server can be executed on the user's machine. The vulnerability is present in several Windows Server and client versions, including Windows Server 2008, Windows Server 2016, Windows 10, and Windows 11.
Impact
Exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system with the same privileges as the user.
Remediation
Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates are available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5050009, KB5049984, KB5050013, KB5050048, KB5050063, and KB5049993.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
7.5exploitability
4.4remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.