Vulnerability Description
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | - |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | - |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=122479227205998&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/32247PatchVendor Advisory
- http://www.securityfocus.com/bid/31652PatchThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1021046Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/2812Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-06PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45543VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45544VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://marc.info/?l=bugtraq&m=122479227205998&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/32247PatchVendor Advisory
- http://www.securityfocus.com/bid/31652PatchThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1021046Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-288A.htmlThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2008-2252?
CVE-2008-2252 is a vulnerability with a CVSS score of 7.2 (HIGH). The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which al...
How severe is CVE-2008-2252?
CVE-2008-2252 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2252?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows Xp.