BUGTRAQ ID: 31673 CVE(CAN) ID: CVE-2008-3464 Microsoft Windows是微软发布的非常流行的操作系统。 Windows错误地验证了从用户态传递到内核的输入,导致辅助功能驱动(afd.sys)中存在权限提升漏洞。成功利用此漏洞的本地攻击者可执行任意指令,并可完全控制受影响的系统。
Microsoft Windows AFD驱动本地权限提升漏洞(MS08-066)
SSV ID:4240
SEBUG-Appdir:Microsoft Windows
Published:2008-10-15
Vulnerable:
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Discription:
<*References
http://secunia.com/advisories/32261/*>
http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx?pf=true
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
SEBUG Solution:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS08-066)以及相应补丁:
MS08-066:Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
链接:http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx?pf=true
---------
Microsoft已经为此发布了一个安全公告(MS08-066)以及相应补丁:
MS08-066:Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
链接:http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx?pf=true
// sebug.net [2008-10-15]