Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4363

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-4363
Last Modified 07 Mar 2011 10:12:20
Published 30 Sep 2008 07:24:53
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4363

Summary

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

Vulnerable Systems

Application

  • Deslock 3.2.7


References

VUPEN - ADV-2008-2638

MILW0RM - 6498

SREASON - 4342

SECUNIA - 31921

MISC - http://digit-labs.org/files/exploits/deslock-probe-read.c


Last Updated: 27 May 2016 10:48:28