CVE-2017-15303

Name of the Vulnerable Software and Affected Versions CPUID CPU-Z versions prior to 1.43

Description The issue allows for an arbitrary memory write, resulting in elevation of privileges. This can occur when any program running on the local machine issues an ioctl call to the kernel-mode driver while CPU-Z is running. For example, this can be done through the 0x9C402430 ioctl call to drivers such as cpuz141 x64.sys.

Recommendations For versions prior to 1.43, update to version 1.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the kernel-mode driver to minimize the risk of exploitation.