PT-2008-5349 · Microsoft · Windows Vista+4

Published: 2008-10-14 · Updated: 2024-10-15 · CVE-2008-4036

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 versions SP1 through SP2
Microsoft Windows Vista versions Gold through SP1
Microsoft Windows Server 2008 (affected versions not specified)

Description

The issue is related to an integer overflow in the Memory Manager of Microsoft Windows, allowing local users to gain privileges via a crafted application. This is due to the erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a memory allocation mapping error. An elevation of privilege vulnerability exists in the way that Memory Manager handles memory allocation and Virtual Address Descriptors (VADs), which could allow elevation of privilege if an authenticated attacker runs a specially crafted program on an affected system.

Recommendations

For Microsoft Windows XP versions SP2 through SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 versions SP1 through SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Vista versions Gold through SP1, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2008, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-4036

Affected Products

Windows
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP