Vulnerabilities > CVE-2008-7211 - Local Privilege Escalation vulnerability in Soundblaster Ensoniq PCI Es1371 WDM Driver 5.1.3612.0

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
soundblaster
microsoft
exploit available

Summary

CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer.

Vulnerable Configurations

Part Description Count
Hardware
Soundblaster
1
OS
Microsoft
1

Exploit-Db

descriptionCreative Ensoniq PCI ES1371 WDM Driver 5.1.3612 Local Privilege Escalation Vulnerability. CVE-2008-7211. Local exploit for windows platform
idEDB-ID:30999
last seen2016-02-03
modified2008-01-07
published2008-01-07
reporterRuben Santamarta
sourcehttps://www.exploit-db.com/download/30999/
titleCreative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Local Privilege Escalation Vulnerability