Oval Definition:oval:org.mitre.oval:def:5343
Revision Date:2011-11-14Version:44
Title:Virtual Address Descriptor Elevation of Privilege Vulnerability (MS08-064)
Description:Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4036
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Vulnerable Windows XP SP2
  • Microsoft Windows XP SP2 or later is installed
  • AND The version of Ntoskrnl.exe is less than 5.1.2600.3427.
  • OR Vulnerable Windows XP (x86) SP3
  • Microsoft Windows XP (x86) SP3 is installed
  • AND The version of Ntoskrnl.exe is less than 5.1.2600.5657.
  • OR Vulnerable Windows XP (x64) SP1/Server 2003 SP1 (x86)/(X64)
  • Windows XP (x64) SP1/Server 2003 SP1 (x86)/(X64)
  • Microsoft Windows XP Professional x64 Edition SP1 is installed
  • OR Microsoft Windows Server 2003 SP1 (x86) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND The version of Ntoskrnl.exe is less than 5.2.3790.3191.
  • OR Vulnerable Windows XP (x64) SP2/Server 2003 SP2 (x86)/(X64)
  • Windows XP (x64) SP2/Server 2003 SP2 (x86)/(X64)
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • AND The version of Ntoskrnl.exe is less than 5.2.3790.4354.
  • OR Vulnerable Windows Server 2003 SP1 ia-64
  • Microsoft Windows Server 2003 SP1 for Itanium is installed
  • AND Check if version of Ntkrnlmp.exe is less than 5.2.3790.3191
  • OR Vulnerable Windows Server 2003 SP2 ia-64
  • Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND Check if version of Ntkrnlmp.exe is less than 5.2.3790.4354
  • OR Vulnerable Windows Vista (32-bit)/(x64)
  • Windows Vista (32-bit)/(x64)
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for LDR/GDR
  • The version of Ntoskrnl.exe is less than 6.0.6000.16746.
  • OR Check for LDR
  • Check if version of Ntoskrnl.exe is less than 6.0.6000.20921
  • AND the version of Ntoskrnl.exe is greater than or equal 6.0.6000.20000
  • OR Vulnerable Windows Vista SP1 (32-bit)/(x64)/Server 2008 (x86)/(x64)/(ia-64)
  • Windows Vista SP1 (32-bit)/(x64)/Server 2008 (x86)/(x64)/(ia-64)
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for LDR/GDR
  • The version of Ntoskrnl.exe is less than 6.0.6001.18137.
  • OR Check for LDR
  • the version of Ntoskrnl.exe is greater than or equal 6.0.6001.22000
  • AND Check if version of Ntoskrnl.exe is less than 6.0.6001.22269
    • BACK