Vulnerability Name:

CVE-2008-1471

Assigned:2008-03-10
Published:2008-03-10
Updated:2017-08-07
Summary:The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-399
(ALLOWS_ADMIN_ACCESS)
References:Source: CONFIRM
Type: PATCH
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp

Source: CONFIRM
Type: PATCH
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp

Source: BUGTRAQ
Type: UNKNOWN
20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability

Source: BID
Type: PATCH
28150

Source: SECTRACK
Type: UNKNOWN
1019568

Source: MISC
Type: PATCH
http://www.trapkit.de/advisories/TKADV2008-001.txt

Source: VUPEN
Type: UNKNOWN
ADV-2008-0801

Source: XF
Type: UNKNOWN
panda-antivirus-cpointsys-priv-escalation(41079)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows-nt:vista::x32:*:*:*:*:*
  • OR cpe:/o:microsoft:windows-nt:xp::x32:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::pro:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:::x64:*:*:*:*:*
  • AND
  • cpe:/a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*
  • OR cpe:/a:panda:panda_internet_security:2008:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft windows-nt vista
    microsoft windows-nt xp
    microsoft windows 2000
    microsoft windows vista
    microsoft windows xp
    panda panda antivirus and firewall 2008
    panda panda internet security 2008