Title: Realtek HD Audio Codec Drivers for Windows Vista Multiple Local Privilege Escalation Vulnerabilities
Severity: HIGH
Description:
Realtek HD Audio Codec Drivers for Windows Vista are prone to multiple local privilege-escalation vulnerabilities:
- Internal routines allow user-mode applications to create or modify arbitrary registry keys from a specially crafted IOCTL request. These routines were intended for development purposes only, but were inadvertently left in the released version.
- The drivers fail to sufficiently validate user-mode buffers, which can allow memory overwrites because of integer overflows.
An attacker can exploit these issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.
These issues affect both the 32-bit and 64-bit implementations of the HD Audio Codec Drivers for Windows Vista prior to R1.91. Specifically, the following files are vulnerable:
- RTKVHDA.sys prior to 6.0.1.5605 (32-bit)
- RTKVHDA64.sys prior to 6.0.1.5605 (64-bit)
Affected Products:
- Realtek Semiconductor Corp. HD Audio Codec Driver R1.90
References:
- Realtek Semiconductor Corp.: High Definition Audio Codecs
- Realtek Semiconductor Corp.: Vendor Homepage
- Wintercore: Advisory W01-0408: RealTek HD Audio Codec Driver Local Privilege Escalation
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
