CVE-2008-1141

Name of the Vulnerable Software and Affected Versions DESlock+ versions 3.2.6 and earlier

Description A memory leak in the DLMFENC.sys driver, version 1.0.0.26, allows local users to cause a denial of service by consuming kernel memory. This is achieved through a series of DLMFENC IOCTL requests to the ".DLKPFSD Device" endpoint, which allocate "link list structures."

Recommendations For DESlock+ versions 3.2.6 and earlier, consider restricting access to the DLMFENC IOCTL requests to minimize the risk of exploitation. As a temporary workaround, limiting the allocation of "link list structures" may help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.