Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-4036 | First vendor Publication | 2008-10-14 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4036 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5343 | |||
| Oval ID: | oval:org.mitre.oval:def:5343 | ||
| Title: | Virtual Address Descriptor Elevation of Privilege Vulnerability (MS08-064) | ||
| Description: | Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4036 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 4 | |
| Os | 4 | |
| Os | 4 | |
| Os | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-10-15 | Name : Virtual Address Descriptor Manipulation Elevation of Privilege Vulnerability ... File : nvt/secpod_ms08-064_900225.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 49053 | Microsoft Windows Virtual Address Descriptors (VAD) Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-10-15 | Name : A local user can elevate privileges on the remote host. File : smb_nt_ms08-064.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:13:16 |
|
| 2024-11-28 12:16:27 |
|
| 2024-10-15 21:27:53 |
|
| 2023-12-07 21:28:06 |
|
| 2021-05-04 12:08:01 |
|
| 2021-04-22 01:08:22 |
|
| 2020-05-23 00:22:14 |
|
| 2019-03-18 12:01:49 |
|
| 2019-02-26 17:19:30 |
|
| 2018-10-13 00:22:43 |
|
| 2017-09-29 09:23:42 |
|
| 2017-08-08 09:24:22 |
|
| 2016-09-01 01:01:17 |
|
| 2016-06-28 17:17:48 |
|
| 2016-04-26 17:48:57 |
|
| 2014-02-17 10:46:32 |
|
| 2013-05-11 00:25:36 |
|
