How severe is CVE-2008-3636?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2008-3636?

This is classified as CWE-189, which is a common weakness in software security.

CVE-2008-3636 - HIGH Severity | CVSS 7.2

Vulnerability Description

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.

Related Vulnerabilities

CVE-2015-8396

CRITICAL

CVSS:10.0(Critical)

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitr...

CWE-1892015

CVE-2007-1383

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destro...

CWE-1892007

CVE-2011-2013

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by s...

CWE-1892011

CVE-2014-9766

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code ...

CWE-1892014

CVE-2016-0859

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC ...

CWE-1892016

CVE-2016-10145

CRITICAL

CVSS:9.8(Critical)

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

CWE-1892016