NVD Vulnerability Detail

CVE-2008-1084

Summary	Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
Summary	Una vulnerabilidad no especificada en el kernel de Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, hasta Vista SP1 y Server 2008 permite a los usuarios locales ejecutar código arbitrario por medio de vectores de ataque desconocidos relacionados con la comprobación de entrada inapropiada. NOTA: más tarde se reportó que una función afectada es NtUserFnOUTSTRING en el archivo win32k.sys.
Publication Date	April 9, 2008, 8:05 a.m.
Registration Date	Jan. 29, 2021, 1:32 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
cpe:2.3:o:microsoft:windows_vista:::x64:::::*
cpe:2.3:o:microsoft:windows_vista::sp1::::::*
cpe:2.3:o:microsoft:windows_xp:::x64:::::*
cpe:2.3:o:microsoft:windows_xp::sp2::::::*
cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

Related information, measures and tools

No	URL	refsource
1	http://marc.info/?l=bugtraq&m=120845064910729&w=2	secure@microsoft.com
2	http://milw0rm.com/sploits/2008-ms08-25-exploit.zip	secure@microsoft.com
3	http://secunia.com/advisories/29720	secure@microsoft.com
4	http://www.securityfocus.com/bid/28554	secure@microsoft.com
5	http://www.securitytracker.com/id?1019803	secure@microsoft.com
6	http://www.us-cert.gov/cas/techalerts/TA08-099A.html	secure@microsoft.com
7	http://www.vupen.com/english/advisories/2008/1149/references	secure@microsoft.com
8	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025	secure@microsoft.com
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437	secure@microsoft.com
10	https://www.exploit-db.com/exploits/5518	secure@microsoft.com
11	http://marc.info/?l=bugtraq&m=120845064910729&w=2	af854a3a-2127-422b-91ae-364da2661108
12	http://milw0rm.com/sploits/2008-ms08-25-exploit.zip	af854a3a-2127-422b-91ae-364da2661108
13	http://secunia.com/advisories/29720	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/28554	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securitytracker.com/id?1019803	af854a3a-2127-422b-91ae-364da2661108
16	http://www.us-cert.gov/cas/techalerts/TA08-099A.html	af854a3a-2127-422b-91ae-364da2661108
17	http://www.vupen.com/english/advisories/2008/1149/references	af854a3a-2127-422b-91ae-364da2661108
18	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025	af854a3a-2127-422b-91ae-364da2661108
19	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437	af854a3a-2127-422b-91ae-364da2661108
20	https://www.exploit-db.com/exploits/5518	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
cpe:2.3:o:microsoft:windows_vista:::x64:::::*
cpe:2.3:o:microsoft:windows_vista::sp1::::::*
cpe:2.3:o:microsoft:windows_xp:::x64:::::*
cpe:2.3:o:microsoft:windows_xp::sp2::::::*
cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::