CVE-2008-5121

Citrix Deterministic Network Enhancer 2.21.7.233-3.21.7.17464 Privilege Escalation via DNE_IOCTL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5121. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a local kernel vulnerability in the Deterministic Network Enhancer (dne2000.sys) driver to achieve privilege escalation to SYSTEM. It leverages an IOCTL call to execute arbitrary shellcode in ring0, specifically designed for Windows XP and Windows Server 2003.

Description

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Exploits (1)

exploitdb WORKING POC VERIFIED
by mu-b · clocalwindows
https://www.exploit-db.com/exploits/5837

This exploit targets a local kernel vulnerability in the Deterministic Network Enhancer (dne2000.sys) driver to achieve privilege escalation to SYSTEM. It leverages an IOCTL call to execute arbitrary shellcode in ring0, specifically designed for Windows XP and Windows Server 2003.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Deterministic Network Enhancer (dne2000.sys) versions 2.21.7.233 to 3.21.7.17464
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable dne2000.sys driver
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/858993
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1867
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5837
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1868
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30728
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX117751
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29772
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4600
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1865
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30753
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1866
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30744
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30747

Scores

EPSS 0.0112
EPSS Percentile 61.9%

Details

CWE
CWE-264
Status published
Products (2)
citrix/deterministic_network_enhancer 2.21.7.223
citrix/deterministic_network_enhancer 3.21.7.17464
Published Nov 18, 2008
Tracked Since Feb 18, 2026