Executive Summary
Summary | |
---|---|
Title | Gear Software CD DVD Filter driver privilege escalation vulnerability |
Informations | |||
---|---|---|---|
Name | VU#146896 | First vendor Publication | 2008-10-07 |
Vendor | VU-CERT | Last vendor Modification | 2008-10-07 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#146896Gear Software CD DVD Filter driver privilege escalation vulnerabilityOverviewThe Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges.I. DescriptionGear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD recording applications. The Gear Software CD DVD Filter driver allows unlimited calls to IoAttachDevice from a user-space application. By making multiple calls to IoAttachDevice, an attacker may be able to exploit an integer overflow in the Microsoft Windows kernel to execute code with SYSTEM privileges.II. ImpactAn attacker may be able to execute code with SYSTEM privileges.III. SolutionApply an updateThis issue is addressed in GEAR driver version 4.001.7, which provides GEARAspiWDM.sys version 2.0.7.5. This version of the CD DVD Filter driver limits the number of IoAttachDevice calls that can be made. Please check with your software vendor for updates that contains this fixed driver. If no update is available, the stand-alone driver from GEAR may be installed.
References
Thanks to Ruben Santamarta of Wintercore for reporting this vulnerability by way of the Microsoft Security Response Center. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/146896 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6035 | |||
Oval ID: | oval:org.mitre.oval:def:6035 | ||
Title: | Apple iTunes Local Privilege Escalation Vulnerability | ||
Description: | Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3636 | Version: | 14 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Apple iTunes |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-25 | Name : Apple iTunes Local Privilege Escalation Vulnerability File : nvt/secpod_apple_itunes_prv_esc_vuln_900122.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48009 | Microsoft Windows Kernel IopfCompleteRequest API Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-10-24 | Name : The remote Windows host has a kernel driver with an insecure method. File : gearaspiwdm_priv_escalation.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Windows host contains an application that is affected by an intege... File : itunes_8_0.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Windows host contains an application that is affected by an intege... File : itunes_8_0_banner.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:32 |
|