CVE-2004-1038

Name of the Vulnerable Software and Affected Versions: Windows Vista Linux-based operating systems (affected versions not specified)

Description: A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions. This issue was reported to affect Windows Vista in 2008. Some Linux-based operating systems have protection mechanisms against this attack.

Recommendations: For Windows Vista, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux-based operating systems, ensure that protection mechanisms against this attack are enabled and properly configured.