Microsoft Ancillary Function Driver Elevation Of Privilege Vulnerability (956803) Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS08-066.

Impact

Successful exploitation could allow an attacker to run arbitrary code in kernal mode with elevated privileges and take complete control of an affected system. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

Insight

The flaw exists due to the Ancillary Function Driver (afd.sys) not properly checking user supplied memory ranges before writing to them into location.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows Server 2003 Service Pack 2 and prior.

References

http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3464
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
Cumulative Security Update for Internet Explorer (950759)
Microsoft .NET Framework Multiple Vulnerabilities (2861561)
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)

Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)

Take action and discover your vulnerabilities