CVE-2008-0322

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 Broken Link Patch
http://secunia.com/advisories/30203 Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/29171 Broken Link Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020006 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1476/references Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 Third Party Advisory VDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 Broken Link Patch
http://secunia.com/advisories/30203 Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/29171 Broken Link Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020006 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1476/references Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Broken Link, Patch () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Broken Link, Patch
References () http://secunia.com/advisories/30203 - Broken Link, Patch, Vendor Advisory () http://secunia.com/advisories/30203 - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/29171 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/29171 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1020006 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1020006 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/1476/references - Permissions Required () http://www.vupen.com/english/advisories/2008/1476/references - Permissions Required
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - Third Party Advisory, VDB Entry

25 Jan 2024, 21:32

Type Values Removed Values Added
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/42358 - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1020006 - (SECTRACK) http://www.securitytracker.com/id?1020006 - Broken Link, Third Party Advisory, VDB Entry
References (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Patch (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699 - Broken Link, Patch
References (VUPEN) http://www.vupen.com/english/advisories/2008/1476/references - (VUPEN) http://www.vupen.com/english/advisories/2008/1476/references - Permissions Required
References (BID) http://www.securityfocus.com/bid/29171 - Patch (BID) http://www.securityfocus.com/bid/29171 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/30203 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/30203 - Broken Link, Patch, Vendor Advisory
CVSS v2 : 7.2
v3 : unknown
v2 : 7.2
v3 : 7.8
CWE CWE-264 CWE-732

Information

Published : 2008-05-13 20:20

Updated : 2024-11-21 00:41


NVD link : CVE-2008-0322

Mitre link : CVE-2008-0322

CVE.ORG link : CVE-2008-0322


JSON object : View

Products Affected

microsoft

  • windows_xp
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource