PT-2008-2735 · Data Encryption Systems · Deslock+
Mu-B
·
Published
2008-03-04
·
Updated
2017-09-29
·
CVE-2008-1139
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
DESlock+ versions 3.2.6 and earlier
Description
The issue allows local users to gain privileges via a certain request to the ".DLKPFSD Device" endpoint, which overwrites a pointer.
Recommendations
For DESlock+ versions 3.2.6 and earlier, consider restricting access to the DLMFENC.sys and DLMFDISK.sys files until a patch is available. As a temporary workaround, avoid using the DLMFENC IOCTL request to the ".DLKPFSD Device" endpoint.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Deslock+