Uočen je i ispravljen novi sigurnosni propust vezan uz Microsoft Windows XP SP3 koji je moguće iskoristiti lokalno za izvođenje DoS napada. Nedostatak nastaje zbog pogreške kod "afd.sys" upravljačkog programa (eng. driver) što omogućuje pristup neispravnoj memoriji. Potencijalni, zlonamjerni korisnik može iskoristiti ranjivost za izvođenje napada uskraćivanja usluge (eng. Denial of Service) putem posebno oblikovanog 0x000120CF IOCTL poziva. Trenutno rješenje za uklanjanje navedene ranjivosti je omogućiti pristup sustavu samo provjerenim korisnicima.

Microsoft Windows "afd.sys" 120CFh IOCTL Handling Vulnerability
Secunia Advisory 	SA44080 	
Release Date 	2011-04-08
Criticality level 	Not criticalNot critical
Impact 	DoS
Where 	Local system
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Operating System	
	Microsoft Windows XP Home Edition
	Microsoft Windows XP Professional

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the afd.sys driver when processing IOCTLs and can be exploited to access invalid memory and cause a crash via a specially crafted 0x000120CF IOCTL.

The vulnerability is confirmed on a fully patched Windows XP SP3 (afd.sys version 5.1.2600.5657). Other versions may also be affected.

Solution
Restrict access to trusted users.

Provided and/or discovered by
Lufeng Li

Original Advisory
http://www.exploit-db.com/exploits/17133/