Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1084

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-1084
Last Modified 28 Mar 2011 12:00:00
Published 08 Apr 2008 07:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1084

Summary

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

CERT - TA08-099A

BID - 28554

MS - MS08-025

VUPEN - ADV-2008-1149

SECTRACK - 1019803

MILW0RM - 5518

SECUNIA - 29720

MISC - http://milw0rm.com/sploits/2008-ms08-25-exploit.zip

HP - SSRT080048

HP - HPSBST02329


Last Updated: 27 May 2016 10:47:01