The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
References
Configurations
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Broken Link, Patch | |
References | () http://secunia.com/advisories/30203 - Broken Link, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/29171 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1020006 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2008/1476/references - Permissions Required | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - Third Party Advisory, VDB Entry |
25 Jan 2024, 21:32
Type | Values Removed | Values Added |
---|---|---|
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1020006 - Broken Link, Third Party Advisory, VDB Entry | |
References | (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Broken Link, Patch | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1476/references - Permissions Required | |
References | (BID) http://www.securityfocus.com/bid/29171 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/30203 - Broken Link, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CWE | CWE-732 |
Information
Published : 2008-05-13 20:20
Updated : 2024-11-21 00:41
NVD link : CVE-2008-0322
Mitre link : CVE-2008-0322
CVE.ORG link : CVE-2008-0322
JSON object : View
Products Affected
microsoft
- windows_xp
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource