CVE-2008-4036

Description

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a memory allocation mapping error, aka Virtual Address Descriptor Elevation of Privilege Vulnerability.

Risk Information

Base Score

8.4

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.126

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Windows XP (KB956841) x86 based systems	Windows
Security Update for Windows XP (KB956841) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB956841) x86 based systems	Windows
Security Update for Windows Server 2003 (KB956841) x86 based systems for SP2	Windows
Security Update for Windows Vista (KB956841) x86 based systems	Windows
Security Update for Windows Vista (KB956841) x86 based systems for SP2	Windows
Security Update for Windows XP x64 Edition (KB956841)	Windows
Security Update for Windows Server 2003 x64 Edition (KB956841)	Windows
Security Update for Windows Server 2003 x64 Edition (KB956841) for SP2	Windows
Security Update for Windows Server 2008 (KB956841)	Windows
Security Update for Windows Server 2008 x64 Edition (KB956841)	Windows
Security Update for Windows Vista for x64-based Systems (KB956841)	Windows
Security Update for Windows Vista for x64-based Systems (KB956841) for SP1	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-6529	Security Update for Windows Server 2008 (KB956841)
PATCH-6530	Security Update for Windows Server 2008 x64 Edition (KB956841)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234