CVE-2008-4036

{"id": "CVE-2008-4036", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2008-10-15T00:12:16.007", "references": [{"url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2", "source": "secure@microsoft.com"}, {"url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/32251", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/31675", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1021051", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2815", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343", "source": "secure@microsoft.com"}, {"url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32251", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/31675", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021051", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2815", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a \"memory allocation mapping error,\" aka \"Virtual Address Descriptor Elevation of Privilege Vulnerability.\""}, {"lang": "es", "value": "Desbordamiento de entero en el Gestor de Memoria en Microsoft Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista RTM y SP1, y Server 2008 que permite a un usuario local conseguir privilegios por medio de una aplicaci\u00f3n manipulada que provoca un decremento err\u00f3neo de una variable, relacionada con la validaci\u00f3n de par\u00e1metros para los Virtual Address Descriptors (VADs) y con un \"memory allocation mapping error,\" (error de asignaci\u00f3n del mapeado de memoria), tambi\u00e9n conocido como \"Virtual Address Descriptor Elevation of Privilege Vulnerability\" (vulnerabilidad de elevaci\u00f3n de privilegios en los descriptores de direcciones virtuales)."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D91FC0B-92FA-4182-9B87-A462850BD510"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F99773-D1AF-4596-856A-CA164D4B68E5"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59F0770D-0CED-4AEF-95AB-F9F9A4D6FB55"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}