Bugtraq mailing list archives
[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
From: vulns () wintercore com
Date: Wed, 23 Apr 2008 22:16:08 +0200
[ Wintercore Advisory ] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation :: Non-Technical DescriptionRealtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. Successful exploitation grants SYSTEM privileges to authenticated users, no special privileges are required to exploit the flaw.
A malicious attacker can take advantage of these flaws to elevate privileges in the following forms:
1. Creating, reading or writing arbitrary registry keys. 2. Overwriting arbitrary kernel addresses. :: Files affected RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista :: Credits Vulnerability discovered and researched by Ruben Santamarta. :: Disclosure Timeline 04/02/2008 - Realtek contacted 04/23/2008 - Flaw fixed. Public Disclosure. :: Technical details - Original Advisory http://www.wintercore.com/advisories/advisory_W010408.html -- Wintercore Agustin de Betancourt, 21. 8th Floor. 28003 Madrid. Spain. Phone: +(34) 91 395 63 40 www.wintercore.com
Current thread:
- [W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation vulns (Apr 23)