CVE-2008-5121

Citrix Deterministic Network Enhancer - Access Control

Title source: rule

Description

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · clocalwindows

https://www.exploit-db.com/exploits/5837

View Code ZIP pw:eip

References (16)

[Vendor Advisory] http://secunia.com/advisories/30728

[Vendor Advisory] http://secunia.com/advisories/30744

[Vendor Advisory] http://secunia.com/advisories/30747

[Vendor Advisory] http://support.citrix.com/article/CTX117751

[Various Sources] http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860

[Various Sources] http://www.digit-labs.org/files/exploits/dne2000-call.c

[US Government Resource] http://www.kb.cert.org/vuls/id/858993

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43153

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29772

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5837

[Third Party Advisory] http://secunia.com/advisories/30753

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1865

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1866

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1867

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1868

[Third Party Advisory] http://securityreason.com/securityalert/4600

Scores

EPSS 0.0035

EPSS Percentile 57.5%

Details

CWE

CWE-264

Status published

Products (2)

citrix/deterministic_network_enhancer 2.21.7.223

citrix/deterministic_network_enhancer 3.21.7.17464

Published Nov 18, 2008

Tracked Since Feb 18, 2026