CVE-2008-4036

Description

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

Related CPE's

omicrosoftwindows_xp*sp2******

omicrosoftwindows_xp*x64******

omicrosoftwindows_xp*sp2x64*****

omicrosoftwindows_vista********

omicrosoftwindows_server_2003*sp1x64*****

omicrosoftwindows_server_2003*sp1******

omicrosoftwindows_server_2003*sp1itanium*****

omicrosoftwindows_vista*sp1x64*****

omicrosoftwindows_server_2008********

omicrosoftwindows_server_2008**x32*****

References

31675

Patch

1021051

32251

PatchVendor Advisory

TA08-288A

US Government Resource

SSRT080143

ADV-2008-2815

win-ms08kb956841-update(45572)

win-vad-privilege-escalation(45571)

oval:org.mitre.oval:def:5343

MS08-064

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

7.199999809265137

Created by Yello
About Severity.io