High severity8.4NVD Advisory· Published Oct 15, 2008· Updated Apr 23, 2026

CVE-2008-4036

Description

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

Affected products

Microsoft/Windows Server 20034 versions
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20084 versions
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Microsoft/Windows Vista4 versions
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*
Microsoft/Windows Xp4 versions
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/32251nvdPatchVendor Advisory
www.securityfocus.com/bid/31675nvdPatch
www.us-cert.gov/cas/techalerts/TA08-288A.htmlnvdUS Government Resource
marc.infonvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/2815nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45571nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45572nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343nvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000