CVE-2008-1084

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 2000 SP4 through Vista SP1 Microsoft Windows Server versions 2003 SP1 through 2008

Description The issue is related to improper input validation in the Windows kernel, allowing local users to execute arbitrary code. This could enable an attacker to run code with elevated privileges, potentially leading to complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. One affected function is NtUserFnOUTSTRING in win32k.sys.

Recommendations For Microsoft Windows versions 2000 SP4 through Vista SP1, consider disabling the NtUserFnOUTSTRING function in win32k.sys as a temporary workaround until a patch is available. For Microsoft Windows Server versions 2003 SP1 through 2008, restrict access to the kernel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.