PT-2017-13232 · Jungo · Windriver

Mr_Me

Published

2017-09-11

Updated

2018-10-17

CVE-2017-14075

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jungo WinDriver versions 12.4.0 and earlier

Description This issue allows local attackers to escalate privileges. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver, due to the failure to properly validate user-supplied data, resulting in an out-of-bounds write condition. This can be leveraged to execute arbitrary code under the context of the kernel.

Recommendations For Jungo WinDriver versions 12.4.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2017-14075

Affected Products

Windriver

PT-2017-13232 · Jungo · Windriver

CVE-2017-14075

Weakness Enumeration

Related Identifiers

Affected Products

References · 4