Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-3636
HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3636

2008-09-1101:13:10
CWE-189
[email protected]
web.nvd.nist.gov
23
cve-2008-3636
integer overflow
iopfcompleterequest api
microsoft windows
gearaspiwdm.sys
privilege escalation
security vulnerability
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.3%

JSON

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.

Affected configurations

NVD
Node
appleitunesRange≀7.6.1windows
OR
appleitunesMatch1.0windows
OR
appleitunesMatch1.1.1windows
OR
appleitunesMatch1.1.2windows
OR
appleitunesMatch2.0windows
OR
appleitunesMatch2.0.1windows
OR
appleitunesMatch2.0.2windows
OR
appleitunesMatch2.0.3windows
OR
appleitunesMatch2.0.4windows
OR
appleitunesMatch3.0windows
OR
appleitunesMatch3.0.1windows
OR
appleitunesMatch4.0windows
OR
appleitunesMatch4.0.1windows
OR
appleitunesMatch4.1windows
OR
appleitunesMatch4.2windows
OR
appleitunesMatch4.2.72windows
OR
appleitunesMatch4.5windows
OR
appleitunesMatch4.6windows
OR
appleitunesMatch4.7windows
OR
appleitunesMatch4.7.1windows
OR
appleitunesMatch4.7.1.30windows
OR
appleitunesMatch4.8windows
OR
appleitunesMatch4.9windows
OR
appleitunesMatch5.0windows
OR
appleitunesMatch5.0.1windows
OR
appleitunesMatch6.0windows
OR
appleitunesMatch6.0.1windows
OR
appleitunesMatch6.0.2windows
OR
appleitunesMatch6.0.3windows
OR
appleitunesMatch6.0.4windows
OR
appleitunesMatch6.0.4.2windows
OR
appleitunesMatch6.0.5windows
OR
appleitunesMatch7.0.2windows
OR
appleitunesMatch7.3.2windows
OR
appleitunesMatch7.4windows
OR
appleitunesMatch7.4.1windows
OR
appleitunesMatch7.4.2windows
OR
appleitunesMatch7.4.3windows
OR
appleitunesMatch7.5windows
OR
appleitunesMatch7.6windows
OR
appleitunesMatch7.6.2windows
OR
appleitunesMatch7.7windows
OR
appleitunesMatch7.7.1windows

References

Related

nvd 1
nessus 2
cvelist 1
seebug 2
cert 1
prion 1
openvas 2
symantec 1
nvd
nvd
CVE-2008-3636
2008-09-11 01:13:10
nessus
nessus
Apple iTunes < 8.0 Integer Buffer Overflow (credentialed check)
2008-09-10 00:00:00
Apple iTunes < 8.0 Integer Buffer Overflow (uncredentialed check)
2008-09-10 00:00:00
cvelist
cvelist
CVE-2008-3636
2008-09-10 16:00:00
seebug
seebug
Symantec Gear Device Driverζœ¬εœ°η‰Ήζƒζε‡ζΌζ΄ž
2008-10-13 00:00:00
Apple iTunesη¬¬δΈ‰ζ–Ήι©±εŠ¨ζœ¬εœ°η‰Ήζƒζε‡ζΌζ΄ž
2008-09-11 00:00:00
cert
cert
Gear Software CD DVD Filter driver privilege escalation vulnerability
2008-10-07 00:00:00
prion
prion
Integer overflow
2008-09-11 01:13:00
openvas
openvas
Apple iTunes Local Privilege Escalation Vulnerability
2008-09-25 00:00:00
Apple iTunes Local Privilege Escalation Vulnerability
2008-09-25 00:00:00
symantec
symantec
Symantec Device Driver Local Elevation of Privilege
2008-10-07 08:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for CVE-2008-3636
nvd1nessus2cvelist1seebug2cert1prion1openvas2symantec1