CVE-2008-1084

2008-04-0823:05:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-1084

microsoft windows

kernel

vulnerability

local users

arbitrary code

nvd

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*