ID CVE-2008-3636
Summary Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:itunes:1.0:-:windows
    cpe:2.3:a:apple:itunes:1.0:-:windows
  • cpe:2.3:a:apple:itunes:1.1.1:-:windows
    cpe:2.3:a:apple:itunes:1.1.1:-:windows
  • cpe:2.3:a:apple:itunes:1.1.2:-:windows
    cpe:2.3:a:apple:itunes:1.1.2:-:windows
  • cpe:2.3:a:apple:itunes:2.0:-:windows
    cpe:2.3:a:apple:itunes:2.0:-:windows
  • cpe:2.3:a:apple:itunes:2.0.1:-:windows
    cpe:2.3:a:apple:itunes:2.0.1:-:windows
  • cpe:2.3:a:apple:itunes:2.0.2:-:windows
    cpe:2.3:a:apple:itunes:2.0.2:-:windows
  • cpe:2.3:a:apple:itunes:2.0.3:-:windows
    cpe:2.3:a:apple:itunes:2.0.3:-:windows
  • cpe:2.3:a:apple:itunes:2.0.4:-:windows
    cpe:2.3:a:apple:itunes:2.0.4:-:windows
  • cpe:2.3:a:apple:itunes:3.0:-:windows
    cpe:2.3:a:apple:itunes:3.0:-:windows
  • cpe:2.3:a:apple:itunes:3.0.1:-:windows
    cpe:2.3:a:apple:itunes:3.0.1:-:windows
  • cpe:2.3:a:apple:itunes:4.0:-:windows
    cpe:2.3:a:apple:itunes:4.0:-:windows
  • Apple iTunes 4.0.1 for Windows
    cpe:2.3:a:apple:itunes:4.0.1:-:windows
  • cpe:2.3:a:apple:itunes:4.1:-:windows
    cpe:2.3:a:apple:itunes:4.1:-:windows
  • cpe:2.3:a:apple:itunes:4.2:-:windows
    cpe:2.3:a:apple:itunes:4.2:-:windows
  • cpe:2.3:a:apple:itunes:4.2.72:-:windows
    cpe:2.3:a:apple:itunes:4.2.72:-:windows
  • Apple iTunes 4.5 Windows
    cpe:2.3:a:apple:itunes:4.5:-:windows
  • Apple iTunes 4.6 Windows
    cpe:2.3:a:apple:itunes:4.6:-:windows
  • Apple iTunes 4.7 Windows
    cpe:2.3:a:apple:itunes:4.7:-:windows
  • Apple iTunes 4.7.1 for Windows
    cpe:2.3:a:apple:itunes:4.7.1:-:windows
  • cpe:2.3:a:apple:itunes:4.7.1.30:-:windows
    cpe:2.3:a:apple:itunes:4.7.1.30:-:windows
  • cpe:2.3:a:apple:itunes:4.8:-:windows
    cpe:2.3:a:apple:itunes:4.8:-:windows
  • cpe:2.3:a:apple:itunes:4.9:-:windows
    cpe:2.3:a:apple:itunes:4.9:-:windows
  • Apple iTunes 5.0 Windows
    cpe:2.3:a:apple:itunes:5.0:-:windows
  • Apple iTunes 5.0.1 for Windows
    cpe:2.3:a:apple:itunes:5.0.1:-:windows
  • cpe:2.3:a:apple:itunes:6.0:-:windows
    cpe:2.3:a:apple:itunes:6.0:-:windows
  • Apple iTunes 6.0.1 for Windows
    cpe:2.3:a:apple:itunes:6.0.1:-:windows
  • Apple iTunes 6.0.2 for Windows
    cpe:2.3:a:apple:itunes:6.0.2:-:windows
  • Apple iTunes 6.0.3 for Windows
    cpe:2.3:a:apple:itunes:6.0.3:-:windows
  • Apple iTunes 6.0.4 for Windows
    cpe:2.3:a:apple:itunes:6.0.4:-:windows
  • cpe:2.3:a:apple:itunes:6.0.4.2:-:windows
    cpe:2.3:a:apple:itunes:6.0.4.2:-:windows
  • Apple iTunes 6.0.5 for Windows
    cpe:2.3:a:apple:itunes:6.0.5:-:windows
  • Apple iTunes 7.0.2 for Windows
    cpe:2.3:a:apple:itunes:7.0.2:-:windows
  • Apple iTunes 7.3.2 for Windows
    cpe:2.3:a:apple:itunes:7.3.2:-:windows
  • Apple iTunes 7.4 Windows
    cpe:2.3:a:apple:itunes:7.4:-:windows
  • Apple iTunes 7.4.1 for Windows
    cpe:2.3:a:apple:itunes:7.4.1:-:windows
  • Apple iTunes 7.4.2 for Windows
    cpe:2.3:a:apple:itunes:7.4.2:-:windows
  • Apple iTunes 7.4.3 Windows
    cpe:2.3:a:apple:itunes:7.4.3:-:windows
  • Apple iTunes 7.5 Windows
    cpe:2.3:a:apple:itunes:7.5:-:windows
  • cpe:2.3:a:apple:itunes:7.6:-:windows
    cpe:2.3:a:apple:itunes:7.6:-:windows
  • Apple iTunes 7.6.1 for Windows
    cpe:2.3:a:apple:itunes:7.6.1:-:windows
  • Apple iTunes 7.6.2 for Windows
    cpe:2.3:a:apple:itunes:7.6.2:-:windows
  • cpe:2.3:a:apple:itunes:7.7:-:windows
    cpe:2.3:a:apple:itunes:7.7:-:windows
  • Apple iTunes 7.7.1 for Windows
    cpe:2.3:a:apple:itunes:7.7.1:-:windows
CVSS
Base: 7.2 (as of 11-09-2008 - 14:19)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_8_0_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 8.0. It is, therefore, affected by an integer buffer overflow vulnerability in an included third party driver. A local user can exploit this to gain system privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 34158
    published 2008-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34158
    title Apple iTunes < 8.0 Integer Buffer Overflow (uncredentialed check)
  • NASL family Windows
    NASL id ITUNES_8_0.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 8.0. Such versions include a third-party driver that is affected by an integer buffer overflow that could allow a local user to gain system privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 34157
    published 2008-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34157
    title Apple iTunes < 8.0 Integer Buffer Overflow (credentialed check)
oval via4
accepted 2015-06-22T04:00:46.317-04:00
class vulnerability
contributors
  • name Chandan S
    organization SecPod Technologies
  • name Mike Lah
    organization The MITRE Corporation
  • name Scott Quint
    organization Quintechssential
  • name Pooja Shetty
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
comment Apple iTunes is installed
oval oval:org.mitre.oval:def:12353
description Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
family windows
id oval:org.mitre.oval:def:6035
status accepted
submitted 2008-09-17T13:25:15
title Apple iTunes Local Privilege Escalation Vulnerability
version 15
refmap via4
apple APPLE-SA-2009-09-09
bid 31089
bugtraq 20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)
cert-vn VU#146896
confirm
misc http://www.wintercore.com/advisories/advisory_W021008.html
sectrack
  • 1020839
  • 1020997
  • 1020998
  • 1020999
vupen
  • ADV-2008-2526
  • ADV-2008-2769
  • ADV-2008-2770
Last major update 06-08-2013 - 16:49
Published 10-09-2008 - 21:13
Last modified 11-10-2018 - 16:48