Vulnerabilities > CVE-2017-6178 - NULL Pointer Dereference vulnerability in Usbpcap Project Usbpcap 1.1.0.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

usbpcap-project

CWE-476

exploit available

NVD

Published: 2017-03-20

Updated: 2019-03-13

Summary

The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.

Vulnerable Configurations

Part	Description	Count
Application	Usbpcap_Project Usbpcap Project Usbpcap 1.1.0.0	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Exploit-Db

file	exploits/windows/local/41542.c
id	EDB-ID:41542
last seen	2018-11-30
modified	2017-03-07
platform	windows
port
published	2017-03-07
reporter	Exploit-DB
source	https://www.exploit-db.com/download/41542
title	USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation
type	local

Packetstorm

data source	https://packetstormsecurity.com/files/download/141526/usbpcap-escalate.txt
id	PACKETSTORM:141526
last seen	2017-03-09
published	2017-03-09
reporter	Parvez Anwar
source	https://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html
title	USBPcap 1.1.0.0 Privilege Escalation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References