| |
Vulnerability CVE-2008-1139
Published: 2008-03-04 Modified: 2012-02-12
| Description: |
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.2/10 |
10/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://secunia.com/advisories/29005
http://www.vupen.com/english/advisories/2008/0597
http://www.milw0rm.com/exploits/5143
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
