Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0322

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-0322
Last Modified 07 Mar 2011 10:04:19
Published 13 May 2008 04:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0322

Summary

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.

Vulnerable Systems

Operating System

  • Microsoft Windows Xp


References

BID - 29171

SECUNIA - 30203

IDEFENSE - 20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability

XF - win-i2omgmt-code-execution(42358)

VUPEN - ADV-2008-1476

SECTRACK - 1020006


Last Updated: 27 May 2016 10:46:46