CVE-2008-4363 - Vulnerability Details - OpenCVE

Description

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

Published: 2008-09-30

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:deslock:deslock:3.2.7:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2008-4344	DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00846.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://digit-labs.org/files/exploits/deslock-probe-read.c
http://secunia.com/advisories/31921
http://securityreason.com/securityalert/4342
http://www.vupen.com/english/advisories/2008/2638
https://www.exploit-db.com/exploits/6498

History

No history.

Subscriptions

Deslock Deslock

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-30T21:00:00.000Z

Updated: 2024-08-07T10:17:08.442Z

Reserved: 2008-09-30T00:00:00.000Z

Link: CVE-2008-4363

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-30T23:24:53.603

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4363

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4342"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4363", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://digit-labs.org/files/exploits/deslock-probe-read.c", "refsource": "MISC", "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4342"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:08.442Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4342"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4363", "datePublished": "2008-09-30T21:00:00.000Z", "dateReserved": "2008-09-30T00:00:00.000Z", "dateUpdated": "2024-08-07T10:17:08.442Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deslock:deslock:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "5CD625B2-C9BE-42FE-AF96-90BE16A09F41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}, {"lang": "es", "value": "DLMFENC.sys v1.0.0.28 de DESlock+ v3.2.7 permite a usuarios locales provocar una ca\u00edda del sistema (system crash) o ejecutar potencialmente c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ciertas peticiones a \\\\.\\DLKPFSD_Device que sobrescriben un puntero, lo que probablemente est\u00e9 relacionado con el uso de la funci\u00f3n ProbeForRead cuando deber\u00eda haberse ejecutado ProbeForWrite."}], "id": "CVE-2008-4363", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-30T23:24:53.603", "references": [{"source": "cve@mitre.org", "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31921"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4342"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6498"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6498"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}