Lucene search

K
cve[email protected]CVE-2008-1471
HistoryMar 24, 2008 - 10:44 p.m.

CVE-2008-1471

2008-03-2422:44:00
CWE-399
web.nvd.nist.gov
13
cve-2008-1471
cpoint.sys
panda internet security 2008
antivirus+ firewall 2008
denial of service
kernel panic
memory overwrite
arbitrary code
ioctl request

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.

Affected configurations

NVD
Node
microsoftwindows-ntMatchvistax32
OR
microsoftwindows-ntMatchxpx32
OR
microsoftwindows_2000pro
OR
microsoftwindows_vistax64
OR
microsoftwindows_xpx64
AND
pandapanda_antivirus_and_firewallMatch2008
OR
pandapanda_internet_securityMatch2008

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

Related for CVE-2008-1471