WinPcap - Local hacker automatic control
Version: | 4.0 and prior. |
Technical Details: | Insufficient input validation of Interrupt Request Packet parameters when passed to IOCTL 9031 can lead to arbitrary local code execution due to overwriting of kernel memory. The vulnerability lies in the NPF.sys driver. According to iDefense, any application using WinPcap is vulnerable from the time that WinPcap is first loaded, until the module is manually unloaded or WinPcap is terminated. |
Description: |
iDefense have discovered that WinPcap, a software utility that is used to access Windows network traffic at the link level, and which is used by applications providing network traffic capture and analysis, is vulnerable to an issue that can allow a local user to run software of their choice on a vulnerable system. The local user is able to achieve this through sending malicious network traffic to a system that is running a vulnerable version of WinPcap. |
Mitigation: |
Update to version 4.0.1 at an appropriate time. |
Updates: |
http://www.winpcap.org/misc/changelog.htm |
Source: |
http://labs.idefense.com/intelligence/vulnerabilities/ |
Exploits: |
|
External Tracking Data: | Not Yet Identified |
Social bookmark this page