Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7096

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-7096
Last Modified 28 Aug 2009 12:00:00
Published 27 Aug 2009 04:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7096

Summary

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

Vulnerable Systems


References

CONFIRM - http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr

XF - intel-bios-smm-privilege-escalation(44676)

BID - 30823

MISC - http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html

MISC - http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html

OSVDB - 49901

MISC - http://invisiblethingslab.com/bh08/part2-full.pdf


Last Updated: 27 May 2016 10:49:28