7.2

CVE-2008-3464

EPSS 1.43%
Veröffentlicht 15.10.2008 00:12:15
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Editionx64

Microsoft ≫ Windows 2003 Server Updatesp1 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows 2003 Server Versionprofessional Updatesp3

Microsoft ≫ Windows Xp Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.43%	0.8

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

US Government Resource

http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

http://secunia.com/advisories/32261

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/497375/100/0/threaded

http://www.securityfocus.com/bid/31673

Patch

http://www.securitytracker.com/id?1021053

http://www.vupen.com/english/advisories/2008/2817

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066

https://exchange.xforce.ibmcloud.com/vulnerabilities/45578

https://exchange.xforce.ibmcloud.com/vulnerabilities/45582

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825

https://www.exploit-db.com/exploits/6757

https://nvd.nist.gov/vuln/detail/CVE-2008-3464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3464

EUVD