Vulnerability Details : CVE-2008-1084
Potential exploit
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
Vulnerability category: Execute code
Products affected by CVE-2008-1084
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1084
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1084
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2008-1084
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1084
-
http://www.securitytracker.com/id?1019803
GoDaddy Domain Name Search
-
https://www.exploit-db.com/exploits/5518
Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025) - Windows local Exploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437
404 Not Found
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025
Microsoft Security Bulletin MS08-025 - Important | Microsoft Learn
-
http://secunia.com/advisories/29720
About Secunia Research | FlexeraVendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Page Not Found | CISAUS Government Resource
-
http://www.securityfocus.com/bid/28554
Exploit;Patch
-
http://milw0rm.com/sploits/2008-ms08-25-exploit.zip
-
http://www.vupen.com/english/advisories/2008/1149/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://marc.info/?l=bugtraq&m=120845064910729&w=2
'[security bulletin] HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC
Jump to