Vulnerability Name:

CVE-2008-3464 (CCN-45578)

Assigned: 2008-10-14
Published: 2008-10-14
Updated: 2018-10-12
Summary: afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Changed
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: MISC
Type: UNKNOWN
http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

Source: MITRE
Type: CNA
CVE-2008-3464

Source: HP
Type: UNKNOWN
SSRT080143

Source: CCN
Type: SA32261
Microsoft Windows Ancillary Function Driver Privilege Escalation

Source: SECUNIA
Type: Patch, Vendor Advisory
32261

Source: CCN
Type: SECTRACK ID: 1021053
Microsoft Ancillary Function Driver 'afd.sys' Lets Local Users Gain Elevated Privileges

Source: CCN
Type: ASA-2008-413
MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

Source: CCN
Type: Microsoft Security Bulletin MS12-009
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

Source: CCN
Type: Microsoft Security Bulletin MS12-017
Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Source: CCN
Type: Microsoft Security Bulletin MS14-040
Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)

Source: CCN
Type: Microsoft Security Bulletin MS15-119
Security Update in Winsock to Address Elevation of Privilege (3104521)

Source: CCN
Type: Microsoft Security Bulletin MS15-127
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)

Source: CCN
Type: Microsoft Security Bulletin MS16-071
Security Update for Microsoft Windows DNS Server (3164065)

Source: CCN
Type: Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

Source: CCN
Type: Microsoft Security Bulletin MS09-008
Vulnerabilities in DNS and WINS server could allow Spoofing (962238)

Source: CCN
Type: Microsoft Security Bulletin MS11-046
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)

Source: CCN
Type: Microsoft Security Bulletin MS11-058
Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

Source: CCN
Type: Microsoft Security Bulletin MS11-080
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

Source: BUGTRAQ
Type: UNKNOWN
20081015 Exploit for MS08-066 - AFD.sys kernel memory overwrite.

Source: BID
Type: Patch
31673

Source: CCN
Type: BID-31673
Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021053

Source: CERT
Type: US Government Resource
TA08-288A

Source: VUPEN
Type: UNKNOWN
ADV-2008-2817

Source: MS
Type: UNKNOWN
MS08-066

Source: XF
Type: UNKNOWN
win-afd-privilege-escalation(45578)

Source: XF
Type: UNKNOWN
win-ms08kb956803-update(45582)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5825

Source: EXPLOIT-DB
Type: UNKNOWN
6757

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:5825 | V | Messaging Queue Service Remote Code Execution Vulnerability | 2011-11-07
    microsoft windows 2003 server *
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server professional sp3
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3