CVE-2008-6000

The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
gdataantivirus_2008
*
gdatainternetsecurity_2008
*
gdatatotalcare_2008
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31941
http://trapkit.de/advisories/TKADV2008-008.txt
http://www.securityfocus.com/bid/31246
http://www.vupen.com/english/advisories/2008/2636
https://exchange.xforce.ibmcloud.com/vulnerabilities/45249
http://secunia.com/advisories/31941
http://trapkit.de/advisories/TKADV2008-008.txt
http://www.securityfocus.com/bid/31246
http://www.vupen.com/english/advisories/2008/2636
https://exchange.xforce.ibmcloud.com/vulnerabilities/45249