7.2

CVE-2008-3464

EPSS 1.43%
Published 15.10.2008 00:12:15
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Editionx64

Microsoft ≫ Windows 2003 Server Updatesp1 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows 2003 Server Versionprofessional Updatesp3

Microsoft ≫ Windows Xp Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.43%	0.8

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

US Government Resource

http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

http://secunia.com/advisories/32261

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/497375/100/0/threaded

http://www.securityfocus.com/bid/31673

Patch

http://www.securitytracker.com/id?1021053

http://www.vupen.com/english/advisories/2008/2817

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066

https://exchange.xforce.ibmcloud.com/vulnerabilities/45578

https://exchange.xforce.ibmcloud.com/vulnerabilities/45582

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825

https://www.exploit-db.com/exploits/6757

https://nvd.nist.gov/vuln/detail/CVE-2008-3464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3464

EUVD