[Reversemode Paper] Exploiting WDM Audio Drivers

To: Securityfocus <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Reversemode Paper] Exploiting WDM Audio Drivers
From: Reversemode <advisories@xxxxxxxxxxxxxxx>
Date: Mon, 07 Jan 2008 16:30:26 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: Reversemode <advisories@xxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)

Hi,

For those researchers who are interested in the driver security and alsofor driver writers, the paper "Exploiting WDM Audio Drivers" has beenreleased.

This paper explains an attack vector inherent to certain WDM audiodrivers running on Windows Vista, XP, 2000 and 2003. Successfulexploitation could lead to local escalation of privileges.

The paper also covers the interesting case of es1371mp.sys, a vulnerableWDM driver that can be automatically installed through Windows Update,on systems with Ensoniq PCI 1371 based SoundCards (Certain VMwareproducts emulate a soundcard of this type).


It can be downloaded at :

(v 1.01)http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=54

Additionally, an exploit(es1371mp.sys)/Vuln-finder K-plugin forKartoffel is available at :

http://kartoffel.reversemode.com/downloads.php


Regards,
-Ruben

---
www.reversemode.com

Prev by Date: New Web Hacking Incidents at WHID
Next by Date: [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Previous by thread: New Web Hacking Incidents at WHID
Next by thread: [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Index(es):
- Date
- Thread