6.9
CVE-2008-1737
- EPSS 0.62%
- Veröffentlicht 30.04.2008 00:10:00
- Zuletzt bearbeitet 16.06.2026 22:52:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sophos ≫ Anti-virus Version7.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.451 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://securityreason.com/securityalert/3838
http://www.coresecurity.com/?action=item&id=2249
http://www.securityfocus.com/archive/1/491405/100/0/threaded
http://secunia.com/advisories/29996
http://securitytracker.com/id?1019945
http://www.securityfocus.com/bid/28743
http://www.sophos.com/support/knowledgebase/article/37810.html
http://www.vupen.com/english/advisories/2008/1381
https://exchange.xforce.ibmcloud.com/vulnerabilities/42083