Lucene search

[email protected]CVE-2008-0366

HistoryJan 18, 2008 - 11:00 p.m.

CVE-2008-0366

2008-01-1823:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0366

core force

denial of service

arbitrary code

ssdt hook handler

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.

Affected configurations

NVD

Node

core_security_technologiescore_forceRange≤0.95.167

CPENameOperatorVersion
core_security_technologies:core_forcecore security technologies core forcele0.95.167

CPE	Name	Operator	Version
core_security_technologies:core_force	core security technologies core force	le	0.95.167

References

force.coresecurity.com/index.php?module=articles&func=display&aid=32

securityreason.com/securityalert/3555

www.coresecurity.com/?action=item&id=2025

www.securityfocus.com/archive/1/486513/100/0/threaded

www.securityfocus.com/bid/27341

www.securitytracker.com/id?1019245

www.vupen.com/english/advisories/2008/0242

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-0366

nvd1 prion1 cvelist1 coresecurity1