CVE-2017-14344

Name of the Vulnerable Software and Affected Versions Jungo WinDriver versions prior to 12.4.0

Description This issue allows local attackers to escalate privileges. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver, due to the failure to properly validate user-supplied data, which can result in a kernel pool overflow. This can be leveraged to execute arbitrary code under the context of the kernel.

Recommendations For Jungo WinDriver versions prior to 12.4.0, consider applying security patches or updates that address the improper validation of user-supplied data in the windrvr1240 kernel driver. As a temporary workaround, restrict access to the IOCTL 0x95382673 to minimize the risk of exploitation.