OSVDB ID: 44643

Title: Realtek HD Audio Codec Driver RTKVHDA.sys / RTKVHDA64.sys IOCTL Request Handling Overflow

Info

Disclosure

Apr 23, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 23, 2008

Description

A buffer overflow exists in HD Audio Codec Driver. RTKVHDA.sys and RTKVHDA64.sys fail to validate IOCTL requests resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 6.0.1.5605 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Realtek Semiconductor Corporation

HD Audio Codec Driver

6.0.1.5334

References

CVE ID: 2008-1932 (see also: NVD)
Bugtraq ID: 28909
Secunia Advisory ID: 29953
Related OSVDB ID: 44642
VUPEN Advisory: ADV-2008-1350
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-04/0310.html
Other Advisory URL: http://www.wintercore.com/advisories/advisory_W010408.html

Credit

Ruben Santamarta - advisoriesreversemode.com -

Direct URL: http://osvdb.org/44643