CVE-2008-4363

Deslock - Improper Input Validation

Title source: rule

Description

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mu-b · cdoswindows
https://www.exploit-db.com/exploits/6497
exploitdb WORKING POC VERIFIED
by mu-b · cdoswindows
https://www.exploit-db.com/exploits/6498

References (5)

Scores

EPSS 0.0085
EPSS Percentile 74.9%

Details

CWE
CWE-20
Status published
Products (1)
deslock/deslock 3.2.7
Published Sep 30, 2008
Tracked Since Feb 18, 2026