GEAR Software CD DVD Filter Driver Insecure Method Local Privilege Escalation

high Nessus Plugin ID 34488

Synopsis

The remote Windows host has a kernel driver with an insecure method.

Description

The version of GEAR Software's CD DVD Filter kernel driver (GEARAspiWDM.sys) on the remote host contains an insecure method that allows a local user to make an unlimited number of calls to 'IoAttachDevice' from user-land, thereby enabling him to exploit a local privilege escalation flaw in the Microsoft Windows kernel in the 'IopfCompleteRequest' function.

Note that this driver may have been installed as part of a third-party application such as Apple iTunes, Norton 360, Norton Ghost, Norton Save and Restore, Backup Exec System Recovery, or Symantec LiveState Recovery.

Solution

Contact the appropriate vendor for an upgrade and verify that the version of the kernel driver is 2.0.7.5 or later.

See Also

http://www.nessus.org/u?fea106d5

https://www.securityfocus.com/archive/1/497131/30/0/threaded

http://www.nessus.org/u?bb341a9b

http://www.symantec.com/avcenter/security/Content/2008.10.07a.html

https://support.apple.com/en-us/HT3025

Plugin Details

Severity: High

ID: 34488

File Name: gearaspiwdm_priv_escalation.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 10/24/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: SMB/WindowsVersion, SMB/name, SMB/login, SMB/password

Exploit Ease: No known exploits are available

Reference Information

BID: 31089

CERT: 146896