OSVDB ID: 44642

Title: Realtek HD Audio Codec Driver RTKVHDA.sys / RTKVHDA64.sys Crafted IOCT Request Arbitrary Registry Key Manipulation

Info

Disclosure

Apr 23, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 23, 2008

Description

HD Audio Codec Driver contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a specially crafted IOCTL request, and allows an attacker to create, read and write arbitrary registry keys. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 6.0.1.5605 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Realtek Semiconductor Corporation

HD Audio Codec Driver

6.0.1.5334

References

CVE ID: 2008-1931 (see also: NVD)
Bugtraq ID: 28909
Secunia Advisory ID: 29953
Related OSVDB ID: 44643
VUPEN Advisory: ADV-2008-1350
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-04/0310.html
Other Advisory URL: http://www.wintercore.com/advisories/advisory_W010408.html

Credit

Ruben Santamarta - advisoriesreversemode.com -

Direct URL: http://osvdb.org/44642