Lucene search

[email protected]CVE-2005-2986

HistorySep 20, 2005 - 12:03 a.m.

CVE-2005-2986

2005-09-2000:03:00

[email protected]

web.nvd.nist.gov

cve-2005-2986

v3flt2k.sys

ahnlab v3pro

deviceiocontrol

remote attackers

privilege escalation

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges.

Affected configurations

NVD

Node

ahnlabv3_virusblock_2005Match6.0.0.383

ahnlabv3netMatch6.0.0.383win_server

ahnlabv3pro_2004Match6.0.0.383

CPENameOperatorVersion
ahnlab:v3_virusblock_2005ahnlab v3 virusblock 2005eq6.0.0.383
ahnlab:v3netahnlab v3neteq6.0.0.383
ahnlab:v3pro_2004ahnlab v3pro 2004eq6.0.0.383

CPE	Name	Operator	Version
ahnlab:v3_virusblock_2005	ahnlab v3 virusblock 2005	eq	6.0.0.383
ahnlab:v3net	ahnlab v3net	eq	6.0.0.383
ahnlab:v3pro_2004	ahnlab v3pro 2004	eq	6.0.0.383

References

info.ahnlab.com/english/advisory/01.html

marc.info/?l=bugtraq&m=112680062609377&w=2

secunia.com/advisories/15674/

www.securityfocus.com/bid/14847

exchange.xforce.ibmcloud.com/vulnerabilities/22297

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2005-2986

nvd2 cvelist1 cve1