CVE-2008-2252

Properties

Published:
13.10.2008
Updated:
23.10.2008
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Product:
microsoft: windows_xp
microsoft: windows_xp
microsoft: windows_xp
microsoft: windows_xp
microsoft: windows_server_2003
microsoft: windows_server_2003

Vulnerability description

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."

References:

XF: http://xforce.iss.net/xforce/xfdb/45544
XF: http://xforce.iss.net/xforce/xfdb/45543
SECTRACK: http://www.securitytracker.com/id?1021046
BID: http://www.securityfocus.com/bid/31652
MS: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
FRSIRT: http://www.frsirt.com/english/advisories/2008/2812
SECUNIA: http://secunia.com/advisories/32247