Vulnerabilities > CVE-2017-14075 - Out-of-bounds Write vulnerability in Jungo Windriver

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
jungo
CWE-787
exploit available

Summary

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.

Vulnerable Configurations

Part Description Count
Application
Jungo
72

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionJungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation. CVE-2017-14075. Local exploit for Windows platform
fileexploits/windows/local/42625.py
idEDB-ID:42625
last seen2017-09-06
modified2017-09-06
platformwindows
port
published2017-09-06
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42625/
titleJungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
typelocal

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144045/jungowindriver-oobescalate.txt
idPACKETSTORM:144045
last seen2017-09-08
published2017-09-07
reportermr_me
sourcehttps://packetstormsecurity.com/files/144045/Jungo-DriverWizard-WinDrive-OOB-Write-Privilege-Escalation.html
titleJungo DriverWizard WinDrive OOB Write Privilege Escalation