Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
| Informations | |||
|---|---|---|---|
| Name | MS08-025 | First vendor Publication | 2008-04-08 |
| Vendor | Microsoft | Last vendor Modification | 2008-04-08 |
| Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This important security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5437 | |||
| Oval ID: | oval:org.mitre.oval:def:5437 | ||
| Title: | Windows Kernel Vulnerability | ||
| Description: | Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-1084 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2008-04-08 | Microsoft Windows XP/VISTA/2000/2003/2008 Kernel Usermode Callback Local Priv... |
| 2008-04-28 | MS Windows XP SP2 (win32k.sys) Privilege Escalation Exploit (MS08-025) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-01-10 | Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab... File : nvt/gb_ms08-025.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 44206 | Microsoft Windows Kernel Unspecified Privilege Escalation Microsoft Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-04-08 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms08-025.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:57 |
|
| 2014-02-12 17:23:08 |
|
| 2013-05-11 00:49:19 |
|
