Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability

Vulnerability ID: 1116416
Vulnerability type: Permissions, privileges and access control
Published: 2008-10-15
Updated: 2008-10-17
CVE ID: CVE-2008-3464
CNNVD-ID: CNNVD-200810-246
Platform: Windows
CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/6757
https://www.securityfocus.com/bid/31673
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-246
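|Vulnerability details
Microsoft Windows is a series of operating systems published by Microsoft Corporation of the United States. Windows incorrectly validates input passed from user mode to the kernel, resulting in a privilege escalation vulnerability in the Ancillary Function Driver (afd.sys). A local attacker who successfully exploits this vulnerability can execute arbitrary instructions and take complete control of the affected system.
|Vulnerability exploit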
Hi,

I have just uploaded a k-plugin for Kartoffel, which exploits a flaw
patched in the recent MS08-066 bulletin.

http://kartoffel.reversemode.com/downloads.php
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/6757.zip (2008-afd_plugin.zip)


For those researchers interested in digging a little bit more into this
flaw, just take a look at afd!AfdGetRemoteAddress and/or check this out

http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

Regards,
Rubén.

# milw0rm.com [2008-10-15]
|Affected products
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Micr
|References

Source: US-CERT
Name: TA08-288A
Link: http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Source: BID
Name: 31673
Link: http://www.securityfocus.com/bid/31673
Source: MS
Name: MS08-066
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Source: SECUNIA
Name: 32261
Link: http://secunia.com/advisories/32261
Source: XF
Name: win-ms08kb956803-update(45582)
Link: http://xforce.iss.net/xforce/xfdb/45582
Source: XF
Name: win-afd-privilege-escalation(45578)
Link: http://xforce.iss.net/xforce/xfdb/45578
Source: SECTRACK
Name: 1021053
Link: http://www.securitytracker.com/id?1021053
Source: BUGTRAQ
Name: 20081015 Exploit for MS08-066 - AFD.sys kernel memory overwrite.
Link: http://www.securityfocus.com/archive/1/archive/1/497375/100/0/threaded
Source: MILW0RM
Name: 6757
Link: http://www.milw0rm.com/exploits/6757
Source: VUPEN
Name: ADV-2008-2817
Link: http://www.frsirt.com/english/advisories/2008/2817
Source: OVAL
Name: oval:org.mitre.oval:def:5825
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5825
Source: HP
Name: HPSBST02379
Link: http://marc.info/?l=bugtraq&m=122479227205998&w=2