CVE-2008-0951
published 2008-03-24CVE-2008-0951: Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically…
PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
30.11%
98.0th percentile
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f977-5mwg-phw9: Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-0243 [CRITICAL] GHSA-f977-5mwg-phw9: Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951.
GHSA
GHSA-qpfx-f2pv-5c24: Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly phy
ghsa_unreviewed·2022-05-01
CVE-2008-0951 [HIGH] CWE-94 GHSA-qpfx-f2pv-5c24: Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly phy
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/29458http://www.kb.cert.org/vuls/id/889747http://www.securityfocus.com/bid/28360http://www.securitytracker.com/id?1020446http://www.vupen.com/english/advisories/2008/0954/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038https://exchange.xforce.ibmcloud.com/vulnerabilities/41349http://secunia.com/advisories/29458http://www.kb.cert.org/vuls/id/889747http://www.securityfocus.com/bid/28360http://www.securitytracker.com/id?1020446http://www.vupen.com/english/advisories/2008/0954/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038https://exchange.xforce.ibmcloud.com/vulnerabilities/41349
2008-03-24
Published