Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

WinPcap - Local hacker automatic control

Version: 4.0 and prior.
Technical Details:

Insufficient input validation of Interrupt Request Packet parameters when passed to IOCTL 9031 can lead to arbitrary local code execution due to overwriting of kernel memory. The vulnerability lies in the NPF.sys driver.

According to iDefense, any application using WinPcap is vulnerable from the time that WinPcap is first loaded, until the module is manually unloaded or WinPcap is terminated.

Description:

iDefense have discovered that WinPcap, a software utility that is used to access Windows network traffic at the link level, and which is used by applications providing network traffic capture and analysis, is vulnerable to an issue that can allow a local user to run software of their choice on a vulnerable system.

The local user is able to achieve this through sending malicious network traffic to a system that is running a vulnerable version of WinPcap.

Mitigation:

Update to version 4.0.1 at an appropriate time.

Updates:

http://www.winpcap.org/misc/changelog.htm

Source:

http://labs.idefense.com/intelligence/vulnerabilities/

Exploits:

External Tracking Data:

Not Yet Identified


Social bookmark this page