National Cyber-Alert System

Vulnerability Summary for CVE-2008-3636

Overview

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#146896

Name: VU#146896

Hyperlink:http://www.kb.cert.org/vuls/id/146896

External Source: BID

Name: 31089

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/31089

External Source: MISC

Name: http://www.wintercore.com/advisories/advisory_W021008.html

Hyperlink:http://www.wintercore.com/advisories/advisory_W021008.html

External Source: VUPEN

Name: ADV-2008-2770

Hyperlink:http://www.vupen.com/english/advisories/2008/2770

External Source: CONFIRM

Name: http://www.symantec.com/avcenter/security/Content/2008.10.07a.html

Hyperlink:http://www.symantec.com/avcenter/security/Content/2008.10.07a.html

External Source: SECTRACK

Name: 1020999

Hyperlink:http://www.securitytracker.com/id?1020999

External Source: SECTRACK

Name: 1020998

Hyperlink:http://www.securitytracker.com/id?1020998

External Source: SECTRACK

Name: 1020997

Hyperlink:http://www.securitytracker.com/id?1020997

External Source: BUGTRAQ

Name: 20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/497131/100/0/threaded

External Source: CONFIRM

Name: http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf

Hyperlink:http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf

External Source: VUPEN

Name: ADV-2008-2769

Hyperlink:http://www.frsirt.com/english/advisories/2008/2769

External Source: VUPEN

Name: ADV-2008-2526

Hyperlink:http://www.frsirt.com/english/advisories/2008/2526

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3025

Hyperlink:http://support.apple.com/kb/HT3025

External Source: SECTRACK

Name: 1020839

Hyperlink:http://securitytracker.com/id?1020839

External Source: CONFIRM

Name: http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html

Hyperlink:http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html

External Source: OVAL

Name: oval:org.mitre.oval:def:6035

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6035

External Source: APPLE

Name: APPLE-SA-2009-09-09

Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html