Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1139

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-1139
Last Modified 07 Mar 2011 10:06:00
Published 04 Mar 2008 03:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1139

Summary

DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.

Vulnerable Systems

Application

  • Deslock 3.2.6


References

SECUNIA - 29005

VUPEN - ADV-2008-0597

MILW0RM - 5143


Last Updated: 27 May 2016 10:47:02