Vigil@nce: Windows, privilege elevation via AFD
October 2008 by Vigil@nce
SYNTHESIS
A local attacker can create an error in Ancillary Function Driver
in order to execute code with system privileges.
Gravity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/10/2008
Revision date: 16/10/2008
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows XP
DESCRIPTION
The afd.sys (Ancillary Function Driver) driver is used to access
to Winsock network features.
The TDI (Transport Driver Interface) interface is used to
communicate with AFD.
However, TDI does not correctly check User Mode parameters given
to the kernel, which corrupts the memory.
A local attacker can therefore create an error in Ancillary
Function Driver in order to execute code with system privileges.
CHARACTERISTICS
Identifiers: 956803, BID-31673, CVE-2008-3464, MS08-066,
VIGILANCE-VUL-8175