[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation

2008-04-2400:00:00

vulners.com

JSON

[ Wintercore Advisory ]

Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation

:: Non-Technical Description

Realtek HD Audio Codec Drivers are prone to a local privilege escalation
due to insufficient validation of user-mode buffers. Successful
exploitation grants SYSTEM privileges to authenticated users, no special
privileges are required to exploit the flaw.

A malicious attacker can take advantage of these flaws to elevate
privileges in the following forms:

 Creating, reading or writing arbitrary registry keys.

 Overwriting arbitrary kernel addresses.

:: Files affected

RTKVHDA.sys &lt; 6.0.1.5605            &#40;32-bit&#41; Windows Vista
RTKVHDA64.sys &#40;signed&#41; &lt; 6.0.1.5605  &#40;64-bit&#41; Windows Vista

:: Credits

Vulnerability discovered and researched by Ruben Santamarta.

:: Disclosure Timeline

04/02/2008 - Realtek contacted
04/23/2008 - Flaw fixed. Public Disclosure.

:: Technical details - Original Advisory

http://www.wintercore.com/advisories/advisory_W010408.html

–

Wintercore
Agustin de Betancourt, 21. 8th Floor.
28003 Madrid. Spain.
Phone: +(34) 91 395 63 40
www.wintercore.com

JSON

[W01-0408] Realtek HD Audio Codec Drivers &#40;Vista&#41; - Local Privilege Escalation

[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation