CVE-2008-4036 | Vulnerability Database | Aqua Security

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a memory allocation mapping error, aka Virtual Address Descriptor Elevation of Privilege Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Windows_server_2003	Microsoft	*	*
Windows_server_2008	Microsoft	*	*
Windows_vista	Microsoft	*	*
Windows_vista	Microsoft	sp1 (including)	sp1 (including)
Windows_xp	Microsoft	*	*

References

http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2
http://secunia.com/advisories/32251
http://www.securityfocus.com/bid/31675
http://www.securitytracker.com/id?1021051
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2815
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064
https://exchange.xforce.ibmcloud.com/vulnerabilities/45571
https://exchange.xforce.ibmcloud.com/vulnerabilities/45572
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4036
CWE	https://cwe.mitre.org/data/definitions/189.html