Lucene search

MicrosoftCVE-2008-2252

HistoryOct 15, 2008 - 12:12 a.m.

CVE-2008-2252

2008-10-1500:12:15

CWE-264

microsoft

web.nvd.nist.gov

microsoft

windows

kernel

memory corruption

vulnerability

cve-2008-2252

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

0.4%

JSON

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2000Match-sp4

microsoftwindows_server_2003Match-sp1

microsoftwindows_server_2003Match-sp1itanium

microsoftwindows_server_2003Match-sp1x64

microsoftwindows_server_2003Match-sp2

microsoftwindows_server_2008Match-

microsoftwindows_server_2008Match-itanium

microsoftwindows_vistaMatch-

microsoftwindows_vistaMatch-x64

microsoftwindows_vistaMatch-sp1

microsoftwindows_vistaMatch-sp1x64

microsoftwindows_xpMatch-x64

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2x64

microsoftwindows_xpMatch-sp3

VendorProductVersionCPE
microsoftwindows_2000-cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:x64:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	-	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
microsoft	windows_server_2003	-	cpe:2.3:o:microsoft:windows_server_2003:-:sp1::::::
microsoft	windows_server_2003	-	cpe:2.3:o:microsoft:windows_server_2003:-:sp1:::::itanium:*
microsoft	windows_server_2003	-	cpe:2.3:o:microsoft:windows_server_2003:-:sp1:::::x64:*
microsoft	windows_server_2003	-	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-::itanium:::::
microsoft	windows_vista	-	cpe:2.3:o:microsoft:windows_vista:-:::::::*
microsoft	windows_vista	-	cpe:2.3:o:microsoft:windows_vista:-::::::x64:
microsoft	windows_vista	-	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::