Summary
This host is missing important security update according to Microsoft Bulletin MS08-066.
Impact
Successful exploitation could allow an attacker to run arbitrary code in kernal mode with elevated privileges and take complete control of an affected system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Insight
The flaw exists due to the Ancillary Function Driver (afd.sys) not properly checking user supplied memory ranges before writing to them into location.
Affected
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Server 2003 Service Pack 2 and prior.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-3464 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- IE 5.01 5.5 6.0 Cumulative patch (890923)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)