CVE-2008-2250

2008-10-1500:12:00

CWE-264

[email protected]

web.nvd.nist.gov

windows

kernel

microsoft

privilege escalation

vulnerability

cve-2008-2250

6.2 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka “Windows Kernel Window Creation Vulnerability.”

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_vistamicrosoft windows vistaeqsp1

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_vista	microsoft windows vista	eq	sp1