6.5 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.6%
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka “AFD Kernel Overwrite Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
windows_2003_server | eq | professional sp3 |
blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx
secunia.com/advisories/32261
www.securityfocus.com/archive/1/497375/100/0/threaded
www.securityfocus.com/bid/31673
www.securitytracker.com/id?1021053
www.us-cert.gov/cas/techalerts/TA08-288A.html
www.vupen.com/english/advisories/2008/2817
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066
exchange.xforce.ibmcloud.com/vulnerabilities/45578
exchange.xforce.ibmcloud.com/vulnerabilities/45582
marc.info/?l=bugtraq&m=122479227205998&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825
www.exploit-db.com/exploits/6757