The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Windows Vista
  • Windows Server 2003
  • Windows 2000
  • Windows Xp
  • Windows Server 2008

Configuration 1 [-]

OR cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:*
References
Link Resource
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32247 Patch Vendor Advisory
http://www.securityfocus.com/bid/31651 Patch
http://www.securitytracker.com/id?1021046
http://www.us-cert.gov/cas/techalerts/TA08-288A.html US Government Resource
http://www.vupen.com/english/advisories/2008/2812
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061
https://exchange.xforce.ibmcloud.com/vulnerabilities/45541
https://exchange.xforce.ibmcloud.com/vulnerabilities/45544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5902
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-10-15T00:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2008-05-16T00:00:00

Link: CVE-2008-2250

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2008-10-15T00:12:15.647

Modified: 2023-12-07T18:38:56.693

Link: CVE-2008-2250

JSON object: View

cve-icon Redhat Information

No data.

CWE