Vulnerability Details : CVE-2008-6819

win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.

Vulnerability category: Denial of service

Published 2009-06-01 19:30:00

Updated 2009-06-29 04:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-6819

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-6819

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:N/A:C	3.4	6.9	nvd@nist.gov
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2008-6819

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-6819

http://www.securityfocus.com/data/vulnerabilities/exploits/35121.c

Exploit
http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=2&m=152274

Exploit
http://www.securityfocus.com/bid/35121

Exploit

Products affected by CVE-2008-6819

Microsoft » Windows 2003 Server
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions