New Search

Messaging Queue Service Remote Code Execution Vulnerability

oval:org.mitre.oval:def:5825

afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel which allows local users to gain privileges via a crafted application as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions aka "AFD Kernel Overwrite Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2008-3464
Product(s):