CVE-2008-1084

high

Description

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

References

https://www.exploit-db.com/exploits/5518

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025

http://www.vupen.com/english/advisories/2008/1149/references

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

http://www.securitytracker.com/id?1019803

http://secunia.com/advisories/29720

http://milw0rm.com/sploits/2008-ms08-25-exploit.zip

http://marc.info/?l=bugtraq&m=120845064910729&w=2

Details

Source: Mitre, NVD

Published: 2008-04-08

Updated: 2023-12-07

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High