J-Security Center

Title: Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability

Severity: MODERATE

Description:

Creative Ensoniq PCI ES1371 WDM drivers are prone to a local privilege-escalation vulnerability.

This issue occurs when the vulnerable device drivers try to dereference a NULL pointer. Because user-space processes can map memory at address 0, attackers can control what the driver finds there and execute arbitrary code with elevated privileges. The issue arises only in certain circumstances, when affected drivers are running on Windows Vista operating systems.

One particular scenario is when legacy game port devices are present on Microsoft Windows Vista computers. Due to a complex failure of the device driver and operating system to properly implement Kernel Streaming APIs for the legacy hardware, a NULL pointer will be present. This NULL pointer will allow unprivileged attackers to execute arbitrary code in the context of the affected device driver.

Successful exploits allow local users to execute arbitrary machine code with kernel-level privileges, facilitating the complete compromise of affected computers.

This issue occurs when the vulnerable driver is running in a Microsoft Windows Vista environment, including VMware Server and Workstation environments running Microsoft Windows Vista guest operating systems with sound enabled.

This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, other device drivers and versions may also be vulnerable, but this has not been confirmed.

Affected Products:

  • Creative Labs Ensoniq PCI ES1371 WDM Driver 5.1.3612.0
  • Microsoft Windows Vista
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Business 64-bit edition
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Enterprise 64-bit edition
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Basic 64-bit edition
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Premium 64-bit edition
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Ultimate 64-bit edition
  • Microsoft Windows Vista x64 Edition
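
A host-side check for the affected configuration listed above, as an added example that is not part of the original advisory. It assumes Windows PowerShell 2.0 or later, and that the driver sits in the standard `%SystemRoot%\System32\drivers` directory; the function name `Get-Es1371Exposure` is hypothetical.

```powershell
# Added example: reports whether this host matches the advisory's affected
# configuration (es1371mp.sys 5.1.3612.0 on Windows Vista).
# Assumption: the driver is installed in the standard drivers directory.
$DriverPath      = Join-Path $env:SystemRoot 'System32\drivers\es1371mp.sys'
$AffectedVersion = New-Object System.Version -ArgumentList 5, 1, 3612, 0

function Get-Es1371Exposure {
    # Windows Vista reports NT version 6.0 (Windows Server 2008 shares it).
    $os = [Environment]::OSVersion.Version
    $isVistaKernel = ($os.Major -eq 6 -and $os.Minor -eq 0)

    $fileVersion = $null
    if (Test-Path $DriverPath) {
        $vi = (Get-Item $DriverPath).VersionInfo
        # Compare on the numeric parts: the FileVersion string can carry
        # trailing build text that defeats a plain string comparison.
        $fileVersion = New-Object System.Version -ArgumentList @(
            $vi.FileMajorPart, $vi.FileMinorPart,
            $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    # A driver file on disk is only reachable if the kernel has loaded it.
    $loaded = @(Get-WmiObject Win32_SystemDriver `
                    -Filter "PathName LIKE '%es1371mp.sys'" |
                Where-Object { $_.State -eq 'Running' }).Count -gt 0

    $versionMatch = ($fileVersion -ne $null -and $fileVersion -eq $AffectedVersion)

    New-Object PSObject -Property @{
        DriverPath      = $DriverPath
        DriverPresent   = ($fileVersion -ne $null)
        FileVersion     = $fileVersion
        VersionAffected = $versionMatch
        DriverLoaded    = $loaded
        VistaKernel     = $isVistaKernel
        # Exposed only when every condition in the advisory holds at once.
        Exposed         = ($versionMatch -and $loaded -and $isVistaKernel)
    }
}

Get-Es1371Exposure | Format-List
```

Because the advisory states that other versions may also be vulnerable but are unconfirmed, a host with `DriverLoaded` true and `VersionAffected` false still deserves review.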
