7.2

CVE-2008-3636

EPSS 0.12%
Published 11.09.2008 01:13:10
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys.  However, the root cause is the integer overflow in the API call itself.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iTunes Editionwindows Version <= 7.6.1

Apple ≫ iTunes Version1.0 Editionwindows

Apple ≫ iTunes Version1.1.1 Editionwindows

Apple ≫ iTunes Version1.1.2 Editionwindows

Apple ≫ iTunes Version2.0 Editionwindows

Apple ≫ iTunes Version2.0.1 Editionwindows

Apple ≫ iTunes Version2.0.2 Editionwindows

Apple ≫ iTunes Version2.0.3 Editionwindows

Apple ≫ iTunes Version2.0.4 Editionwindows

Apple ≫ iTunes Version3.0 Editionwindows

Apple ≫ iTunes Version3.0.1 Editionwindows

Apple ≫ iTunes Version4.0 Editionwindows

Apple ≫ iTunes Version4.0.1 Editionwindows

Apple ≫ iTunes Version4.1 Editionwindows

Apple ≫ iTunes Version4.2 Editionwindows

Apple ≫ iTunes Version4.2.72 Editionwindows

Apple ≫ iTunes Version4.5 Editionwindows

Apple ≫ iTunes Version4.6 Editionwindows

Apple ≫ iTunes Version4.7 Editionwindows

Apple ≫ iTunes Version4.7.1 Editionwindows

Apple ≫ iTunes Version4.7.1.30 Editionwindows

Apple ≫ iTunes Version4.8 Editionwindows

Apple ≫ iTunes Version4.9 Editionwindows

Apple ≫ iTunes Version5.0 Editionwindows

Apple ≫ iTunes Version5.0.1 Editionwindows

Apple ≫ iTunes Version6.0 Editionwindows

Apple ≫ iTunes Version6.0.1 Editionwindows

Apple ≫ iTunes Version6.0.2 Editionwindows

Apple ≫ iTunes Version6.0.3 Editionwindows

Apple ≫ iTunes Version6.0.4 Editionwindows

Apple ≫ iTunes Version6.0.4.2 Editionwindows

Apple ≫ iTunes Version6.0.5 Editionwindows

Apple ≫ iTunes Version7.0.2 Editionwindows

Apple ≫ iTunes Version7.3.2 Editionwindows

Apple ≫ iTunes Version7.4 Editionwindows

Apple ≫ iTunes Version7.4.1 Editionwindows

Apple ≫ iTunes Version7.4.2 Editionwindows

Apple ≫ iTunes Version7.4.3 Editionwindows

Apple ≫ iTunes Version7.5 Editionwindows

Apple ≫ iTunes Version7.6 Editionwindows

Apple ≫ iTunes Version7.6.2 Editionwindows

Apple ≫ iTunes Version7.7 Editionwindows

Apple ≫ iTunes Version7.7.1 Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.282

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html

http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html

http://securitytracker.com/id?1020839

http://support.apple.com/kb/HT3025

http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf

http://www.kb.cert.org/vuls/id/146896

US Government Resource

http://www.securityfocus.com/archive/1/497131/100/0/threaded

http://www.securityfocus.com/bid/31089

Patch

http://www.securitytracker.com/id?1020997

http://www.securitytracker.com/id?1020998

http://www.securitytracker.com/id?1020999

http://www.symantec.com/avcenter/security/Content/2008.10.07a.html

http://www.vupen.com/english/advisories/2008/2526

http://www.vupen.com/english/advisories/2008/2769

http://www.vupen.com/english/advisories/2008/2770

http://www.wintercore.com/advisories/advisory_W021008.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035

https://nvd.nist.gov/vuln/detail/CVE-2008-3636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3636

EUVD