<<< Date Index >>>     <<< Thread Index >>>

[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation


[ Wintercore Advisory ]

Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation


:: Non-Technical Description
Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. Successful exploitation grants SYSTEM privileges to authenticated users, no special privileges are required to exploit the flaw.
A malicious attacker can take advantage of these flaws to elevate privileges in the following forms: 

1.      Creating, reading or writing arbitrary registry keys.
2.      Overwriting arbitrary kernel addresses.


:: Files affected

   RTKVHDA.sys < 6.0.1.5605                  (32-bit) Windows Vista
   RTKVHDA64.sys (signed) < 6.0.1.5605  (64-bit) Windows Vista

:: Credits

   Vulnerability discovered and researched by Ruben Santamarta.

:: Disclosure Timeline

   04/02/2008 - Realtek contacted
   04/23/2008 - Flaw fixed. Public Disclosure.

:: Technical details - Original Advisory

http://www.wintercore.com/advisories/advisory_W010408.html



--

Wintercore
Agustin de Betancourt, 21. 8th Floor.
28003 Madrid. Spain.
Phone: +(34) 91 395 63 40
www.wintercore.com