Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2008-3464

Published: 15/10/2008 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Windows 2003 Server

Vulnerability Summary

afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2003 server

microsoft windows xp

microsoft windows 2003 server professional

Exploits

Exploit DB: Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066)
Hi, I have just uploaded a k-plugin for Kartoffel, which exploits a flaw patched in the recent MS08-066 bulletin kartoffelreversemodecom/downloadsphp backup: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/6757zip (2008-afd_pluginzip) For those researchers interesting in digging a little bit more ...

References

CWE-264http://www.securitytracker.com/id?1021053http://secunia.com/advisories/32261http://www.securityfocus.com/bid/31673http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspxhttp://www.us-cert.gov/cas/techalerts/TA08-288A.htmlhttp://marc.info/?l=bugtraq&m=122479227205998&w=2http://www.vupen.com/english/advisories/2008/2817https://exchange.xforce.ibmcloud.com/vulnerabilities/45582https://exchange.xforce.ibmcloud.com/vulnerabilities/45578https://www.exploit-db.com/exploits/6757https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825http://www.securityfocus.com/archive/1/497375/100/0/threadedhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066https://nvd.nist.govhttps://www.exploit-db.com/exploits/6757/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook