cvelistv5 - cve-2008-1471

CVE-2008-1471 (GCVE-0-2008-1471)

Vulnerability from cvelistv5 – Published: 2008-03-24 22:00 – Updated: 2024-08-07 08:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/29311	third-party-advisoryx_refsource_SECUNIA
	http://www.pandasecurity.com/homeusers/support/ca…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0801…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/28150	vdb-entryx_refsource_BID
	http://www.trapkit.de/advisories/TKADV2008-001.txt	x_refsource_MISC
	http://www.securitytracker.com/id?1019568	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/489292/100…	mailing-listx_refsource_BUGTRAQ
	http://www.pandasecurity.com/homeusers/support/ca…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29311"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
          },
          {
            "name": "ADV-2008-0801",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0801/references"
          },
          {
            "name": "28150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
          },
          {
            "name": "1019568",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019568"
          },
          {
            "name": "20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
          },
          {
            "name": "panda-antivirus-cpointsys-priv-escalation(41079)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29311"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
        },
        {
          "name": "ADV-2008-0801",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0801/references"
        },
        {
          "name": "28150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
        },
        {
          "name": "1019568",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019568"
        },
        {
          "name": "20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
        },
        {
          "name": "panda-antivirus-cpointsys-priv-escalation(41079)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29311",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29311"
            },
            {
              "name": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp",
              "refsource": "CONFIRM",
              "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
            },
            {
              "name": "ADV-2008-0801",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0801/references"
            },
            {
              "name": "28150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28150"
            },
            {
              "name": "http://www.trapkit.de/advisories/TKADV2008-001.txt",
              "refsource": "MISC",
              "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
            },
            {
              "name": "1019568",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019568"
            },
            {
              "name": "20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
            },
            {
              "name": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp",
              "refsource": "CONFIRM",
              "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
            },
            {
              "name": "panda-antivirus-cpointsys-priv-escalation(41079)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1471",
    "datePublished": "2008-03-24T22:00:00",
    "dateReserved": "2008-03-24T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:vista:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"8C7E0F58-4948-4785-816F-6B2DC5FEA18E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:xp:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"EEC92A11-2DA9-45B0-8887-876126DA6940\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"26CF0F23-E9B6-415F-868A-C883EF11F389\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"ACF75FC8-095A-4EEA-9A41-C27CFF3953FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4D1D99A-22AA-4FC6-ADEF-2759EB96CF5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panda:panda_internet_security:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"045DD35A-DBE0-412F-AEE0-CA333328A59D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.\"}, {\"lang\": \"es\", \"value\": \"El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegaci\\u00f3n de servicio (ca\\u00edda del sistema o kernel panic), sobrescribir memoria o ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de una petici\\u00f3n IOCTL manipulada que dispara una escritura en memoria fuera de l\\u00edmite.\"}]",
      "id": "CVE-2008-1471",
      "lastModified": "2024-11-21T00:44:37.097",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-03-24T22:44:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/29311\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/489292/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28150\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019568\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.trapkit.de/advisories/TKADV2008-001.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0801/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41079\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/489292/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019568\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.trapkit.de/advisories/TKADV2008-001.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0801/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1471\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-24T22:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.\"},{\"lang\":\"es\",\"value\":\"El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema o kernel panic), sobrescribir memoria o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n IOCTL manipulada que dispara una escritura en memoria fuera de l\u00edmite.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:vista:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"8C7E0F58-4948-4785-816F-6B2DC5FEA18E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:xp:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"EEC92A11-2DA9-45B0-8887-876126DA6940\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"26CF0F23-E9B6-415F-868A-C883EF11F389\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"ACF75FC8-095A-4EEA-9A41-C27CFF3953FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4D1D99A-22AA-4FC6-ADEF-2759EB96CF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panda:panda_internet_security:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"045DD35A-DBE0-412F-AEE0-CA333328A59D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/29311\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489292/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28150\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019568\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trapkit.de/advisories/TKADV2008-001.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0801/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41079\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489292/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trapkit.de/advisories/TKADV2008-001.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0801/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-38MC-JPFH-XH7R

Vulnerability from github – Published: 2022-05-01 23:40 – Updated: 2022-05-01 23:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1471"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-24T22:44:00Z",
    "severity": "HIGH"
  },
  "details": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.",
  "id": "GHSA-38mc-jpfh-xh7r",
  "modified": "2022-05-01T23:40:29Z",
  "published": "2022-05-01T23:40:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1471"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29311"
    },
    {
      "type": "WEB",
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "type": "WEB",
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28150"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019568"
    },
    {
      "type": "WEB",
      "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0801/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200803-0457

Vulnerability from variot - Updated: 2023-12-18 14:06

The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: Panda Products cpoint.sys Privilege Escalation Vulnerabilities

SECUNIA ADVISORY ID: SA29311

VERIFY ADVISORY: http://secunia.com/advisories/29311/

CRITICAL: Less critical

IMPACT: Privilege escalation, DoS

WHERE: Local system

SOFTWARE: Panda Internet Security 2008 http://secunia.com/product/17681/ Panda Antivirus + Firewall 2008 http://secunia.com/product/17905/

DESCRIPTION: Tobias Klein has reported some vulnerabilities in Panda products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Input validation errors in the cpoint.sys driver when handling certain IOCTL requests (e.g.

The vulnerabilities affect the following products: * Panda Internet Security 2008 * Panda Antivirus + Firewall 2008

SOLUTION: Apply hotfix.

Panda Internet Security 2008 (hfp120801s1.exe): http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe

Panda Antivirus + Firewall 2008 (hft70801s1.exe): http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe

PROVIDED AND/OR DISCOVERED BY: Tobias Klein

ORIGINAL ADVISORY: Panda: http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp

http://www.trapkit.de/advisories/TKADV2008-001.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0457",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "panda",
        "version": "2008"
      },
      {
        "model": "antivirus and firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "panda",
        "version": "2008"
      },
      {
        "model": "antivirus and firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panda security",
        "version": "2008"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panda security",
        "version": "2008"
      },
      {
        "model": "windows-nt",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "xp"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "pro"
      },
      {
        "model": "windows-nt",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "vista"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "x64"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "x64"
      },
      {
        "model": "antivirus firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "panda",
        "version": "+2008"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:vista:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:xp:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:panda:panda_internet_security:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery is credited to Tobias Klein.",
    "sources": [
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-1471",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-1471",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-31596",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-1471",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-380",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31596",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nPanda Products cpoint.sys Privilege Escalation Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29311\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29311/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation, DoS\n\nWHERE:\nLocal system\n\nSOFTWARE:\nPanda Internet Security 2008\nhttp://secunia.com/product/17681/\nPanda Antivirus + Firewall 2008\nhttp://secunia.com/product/17905/\n\nDESCRIPTION:\nTobias Klein has reported some vulnerabilities in Panda products,\nwhich can be exploited by malicious, local users to cause a DoS\n(Denial of Service) or gain escalated privileges. \n\nInput validation errors in the cpoint.sys driver when handling\ncertain IOCTL requests (e.g. \n\nThe vulnerabilities affect the following products:\n* Panda Internet Security 2008\n* Panda Antivirus + Firewall 2008\n\nSOLUTION:\nApply hotfix. \n\nPanda Internet Security 2008 (hfp120801s1.exe):\nhttp://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe\n\nPanda Antivirus + Firewall 2008 (hft70801s1.exe):\nhttp://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nTobias Klein\n\nORIGINAL ADVISORY:\nPanda:\nhttp://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp\nhttp://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp\n\nhttp://www.trapkit.de/advisories/TKADV2008-001.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "PACKETSTORM",
        "id": "64344"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-31596",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-1471",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "28150",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "29311",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019568",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0801",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "41079",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080308 [TKADV2008-001] PANDA INTERNET SECURITY/ANTIVIRUS+FIREWALL 2008 CPOINT.SYS KERNEL DRIVER MEMORY CORRUPTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31363",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-31596",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64344",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "PACKETSTORM",
        "id": "64344"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "id": "VAR-200803-0457",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:06:40.865000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "20080306 41337 EN",
        "trust": 0.8,
        "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026ididioma=2\u0026ref=prodexp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.trapkit.de/advisories/tkadv2008-001.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026ididioma=2\u0026ref=prodexp"
      },
      {
        "trust": 2.0,
        "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026ididioma=2\u0026ref=prodexp"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/28150"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019568"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29311"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0801/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1471"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1471"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41079"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/489292/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0801/references"
      },
      {
        "trust": 0.1,
        "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026amp;ididioma=2\u0026amp;ref=prodexp"
      },
      {
        "trust": 0.1,
        "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026amp;ididioma=2\u0026amp;ref=prodexp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17905/"
      },
      {
        "trust": 0.1,
        "url": "http://www.pandasecurity.com/resources/sop/platinum2008/hfp120801s1.exe"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.pandasecurity.com/resources/sop/pavf08/hft70801s1.exe"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17681/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29311/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "PACKETSTORM",
        "id": "64344"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "db": "PACKETSTORM",
        "id": "64344"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "date": "2008-03-08T00:00:00",
        "db": "BID",
        "id": "28150"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "date": "2008-03-12T17:55:23",
        "db": "PACKETSTORM",
        "id": "64344"
      },
      {
        "date": "2008-03-24T22:44:00",
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "date": "2008-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31596"
      },
      {
        "date": "2015-05-07T17:32:00",
        "db": "BID",
        "id": "28150"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      },
      {
        "date": "2018-10-11T20:34:56.347000",
        "db": "NVD",
        "id": "CVE-2008-1471"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "28150"
      },
      {
        "db": "PACKETSTORM",
        "id": "64344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panda Internet Security Such as  cpoint.sys Service disruption in drivers  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-380"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2008-1471

Vulnerability from fkie_nvd - Published: 2008-03-24 22:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/29311	Vendor Advisory
cve@mitre.org	http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp	Patch
cve@mitre.org	http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/489292/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28150	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019568
cve@mitre.org	http://www.trapkit.de/advisories/TKADV2008-001.txt	Exploit, Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0801/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41079
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29311	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489292/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28150	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019568
af854a3a-2127-422b-91ae-364da2661108	http://www.trapkit.de/advisories/TKADV2008-001.txt	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0801/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41079

Impacted products

Vendor	Product	Version
microsoft	windows-nt	vista
microsoft	windows-nt	xp
microsoft	windows_2000	*
microsoft	windows_vista	*
microsoft	windows_xp	*
panda	panda_antivirus_and_firewall	2008
panda	panda_internet_security	2008

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:*:x32:*:*:*:*:*",
              "matchCriteriaId": "8C7E0F58-4948-4785-816F-6B2DC5FEA18E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:*:x32:*:*:*:*:*",
              "matchCriteriaId": "EEC92A11-2DA9-45B0-8887-876126DA6940",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*",
              "matchCriteriaId": "26CF0F23-E9B6-415F-868A-C883EF11F389",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D1D99A-22AA-4FC6-ADEF-2759EB96CF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:panda:panda_internet_security:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "045DD35A-DBE0-412F-AEE0-CA333328A59D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory."
    },
    {
      "lang": "es",
      "value": "El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema o kernel panic), sobrescribir memoria o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n IOCTL manipulada que dispara una escritura en memoria fuera de l\u00edmite."
    }
  ],
  "id": "CVE-2008-1471",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-24T22:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29311"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28150"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019568"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0801/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0801/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-1471

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1471

Aliases

CVE-2008-1471

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1471",
    "description": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.",
    "id": "GSD-2008-1471"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1471"
      ],
      "details": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.",
      "id": "GSD-2008-1471",
      "modified": "2023-12-13T01:23:02.848439Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1471",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "29311",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29311"
          },
          {
            "name": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp",
            "refsource": "CONFIRM",
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
          },
          {
            "name": "ADV-2008-0801",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0801/references"
          },
          {
            "name": "28150",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28150"
          },
          {
            "name": "http://www.trapkit.de/advisories/TKADV2008-001.txt",
            "refsource": "MISC",
            "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
          },
          {
            "name": "1019568",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019568"
          },
          {
            "name": "20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
          },
          {
            "name": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp",
            "refsource": "CONFIRM",
            "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
          },
          {
            "name": "panda-antivirus-cpointsys-priv-escalation(41079)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:vista:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:xp:*:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:panda:panda_antivirus_and_firewall:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:panda:panda_internet_security:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1471"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.trapkit.de/advisories/TKADV2008-001.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.trapkit.de/advisories/TKADV2008-001.txt"
            },
            {
              "name": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.pandasecurity.com/homeusers/support/card?id=41231\u0026idIdioma=2\u0026ref=ProdExp"
            },
            {
              "name": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.pandasecurity.com/homeusers/support/card?id=41337\u0026idIdioma=2\u0026ref=ProdExp"
            },
            {
              "name": "28150",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/28150"
            },
            {
              "name": "1019568",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019568"
            },
            {
              "name": "29311",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29311"
            },
            {
              "name": "ADV-2008-0801",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0801/references"
            },
            {
              "name": "panda-antivirus-cpointsys-priv-escalation(41079)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41079"
            },
            {
              "name": "20080308 [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/489292/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:34Z",
      "publishedDate": "2008-03-24T22:44Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1471 (GCVE-0-2008-1471)

GHSA-38MC-JPFH-XH7R

VAR-200803-0457

FKIE_CVE-2008-1471

GSD-2008-1471

Tags

Sightings

Nomenclature