Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1471

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-1471
Last Modified 07 Mar 2011 10:07:08
Published 24 Mar 2008 06:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1471

Summary

The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.

Vulnerable Systems

Application

  • Panda Antivirus And Firewall 2008

  • Panda Internet Security 2008


References

MISC - http://www.trapkit.de/advisories/TKADV2008-001.txt

BID - 28150

CONFIRM - http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp

CONFIRM - http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp

XF - panda-antivirus-cpointsys-priv-escalation(41079)

VUPEN - ADV-2008-0801

SECTRACK - 1019568

BUGTRAQ - 20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability

SECUNIA - 29311


Last Updated: 27 May 2016 10:47:08