Vulnerabilities > CVE-2008-0324 - Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

cisco

CWE-399

exploit available

NVD

Published: 2008-01-17

Updated: 2017-09-29

Summary

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco VPN Client 5.0.2.0090	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Cisco VPN Client IPSec Driver Local kernel system pool Corruption PoC. CVE-2008-0324. Dos exploit for windows platform
file	exploits/windows/dos/4911.c
id	EDB-ID:4911
last seen	2016-01-31
modified	2008-01-15
platform	windows
port
published	2008-01-15
reporter	mu-b
source	https://www.exploit-db.com/download/4911/
title	Cisco VPN Client IPSec Driver Local kernel system pool Corruption PoC
type	dos

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References