Vulnerabilities > CVE-2008-0324 - Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
cisco
CWE-399
exploit available

Summary

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

Vulnerable Configurations

Part Description Count
Application
Cisco
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionCisco VPN Client IPSec Driver Local kernel system pool Corruption PoC. CVE-2008-0324. Dos exploit for windows platform
fileexploits/windows/dos/4911.c
idEDB-ID:4911
last seen2016-01-31
modified2008-01-15
platformwindows
port
published2008-01-15
reportermu-b
sourcehttps://www.exploit-db.com/download/4911/
titleCisco VPN Client IPSec Driver Local kernel system pool Corruption PoC
typedos