CERT-In Vulnerability Note CIVN-2008-167
Microsoft Ancillary Function Driver (AFD) Kernel Overwrite Vulnerability

Original Issue Date: October 16, 2008

Severity Rating: Medium

Systems Affected

  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems

Overview

A vulnerability has been reported in Microsoft Windows 2003 and XP that could be exploited by a local attacker to execute arbitrary code in kernel mode and take complete control of an affected system.

Description

The Ancillary Function Driver (AFD) supports Windows sockets applications and is contained in the afd.sys file. The afd.sys driver runs in kernel mode and manages the Winsock TCP/IP communications protocol. This Winsock Kernel Interface provides access to the TDI transports.

A vulnerability has been reported in Microsoft Windows 2003 and XP due to an input validation error in the Ancillary Function Driver (afd.sys) when handling input passed from user mode to the kernel. A local attacker could exploit this vulnerability via a specially crafted application to execute arbitrary code and take complete control of an affected system.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-066.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

References

Secunia
http://secunia.com/advisories/32261/

SecurityFocus
http://www.securityfocus.com/bid/31673

SecurityTracker
http://www.securitytracker.com/alerts/2008/Oct/1021053.html

CVE Name
CVE-2008-3464

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003