lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <480F9908.8050408@wintercore.com>
Date: Wed, 23 Apr 2008 22:16:08 +0200
From: vulns@...tercore.com
To: bugtraq@...urityfocus.com
Subject: [W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege
 Escalation


[ Wintercore Advisory ]

Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation


:: Non-Technical Description

Realtek HD Audio Codec Drivers are prone to a local privilege escalation 
due to insufficient validation of user-mode buffers. Successful 
exploitation grants SYSTEM privileges to authenticated users, no special 
privileges are required to exploit the flaw.

A malicious attacker can take advantage of these flaws to elevate 
privileges in the following forms:

1.      Creating, reading or writing arbitrary registry keys.
2.      Overwriting arbitrary kernel addresses.


:: Files affected

    RTKVHDA.sys < 6.0.1.5605  		(32-bit) Windows Vista
    RTKVHDA64.sys (signed) < 6.0.1.5605  (64-bit) Windows Vista

:: Credits

    Vulnerability discovered and researched by Ruben Santamarta.

:: Disclosure Timeline

    04/02/2008 - Realtek contacted
    04/23/2008 - Flaw fixed. Public Disclosure.

:: Technical details - Original Advisory

http://www.wintercore.com/advisories/advisory_W010408.html



-- 

Wintercore
Agustin de Betancourt, 21. 8th Floor.
28003 Madrid. Spain.
Phone: +(34) 91 395 63 40
www.wintercore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ