Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0366

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-0366
Last Modified 07 Mar 2011 10:04:23
Published 18 Jan 2008 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0366

Summary

CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.

Vulnerable Systems

Application

  • Core Security Technologies Core Force 0.95.167


References

BID - 27341

CONFIRM - http://www.coresecurity.com/?action=item&id=2025

VUPEN - ADV-2008-0242

BUGTRAQ - 20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow

SECTRACK - 1019245

SREASON - 3555

CONFIRM - http://force.coresecurity.com/index.php?module=articles&func=display&aid=32


Last Updated: 27 May 2016 10:46:46