Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=621
Vulnerable Systems:
* Microsoft DebugView version 4.64. The specific file version of Dbgv.sys is 4.60.0.0. This file is deleted automatically after being loaded and will not be found on disk.
* Previous versions are suspected to be vulnerable as well.
As part of its design, DebugView loads a kernel module, Dbgv.sys. This module includes functionality that can be abused to copy user-supplied data into the kernel at attacker-controlled addresses, which allows malicious users to inject arbitrary code into the running kernel.
Exploitation allows attackers to modify the kernel, resulting in the execution of arbitrary code in kernel context.
In order to exploit this vulnerability, an administrator must launch the DebugView application, which loads the Dbgv.sys driver into the kernel. Once loaded, the vulnerable kernel module is accessible to all users and remains loaded until the system is rebooted.
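Because Dbgv.sys is deleted from disk after it is loaded, a file scan alone will miss a host where the driver is still resident. The following PowerShell check is an added example, not part of the iDefense advisory or of Sysinternals' code: it lists loaded kernel drivers whose name or image path refers to Dbgv (flagging the expected "running but no backing file" condition) and reports any DebugView executable older than the fixed 4.72 release. It assumes the driver is registered under a service name beginning with "Dbgv" and that DebugView.exe is found under the folders in $searchRoots; adjust those to your environment.

```powershell
# Added example (not from the advisory): audit a host for a resident Dbgv.sys
# driver and for DebugView builds below the fixed version 4.72.
$fixedVersion = [version]'4.72'
# Assumed locations of DebugView.exe; extend for your environment.
$searchRoots  = @("$env:ProgramFiles\Sysinternals", "$env:USERPROFILE\Downloads")

function Get-DbgvDriverStatus {
    # Win32_SystemDriver reports kernel drivers even when their image file is gone,
    # which is exactly the state this driver is left in after DebugView loads it.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like 'Dbgv*' -or $_.PathName -like '*dbgv.sys*' } |
        ForEach-Object {
            $path = if ($_.PathName) { $_.PathName -replace '^\\\?\?\\', '' } else { $null }
            [pscustomobject]@{
                Name       = $_.Name
                State      = $_.State            # "Running" means the module is resident
                PathName   = $_.PathName
                # A running driver with no file on disk is the condition to flag;
                # it persists until the system is rebooted.
                FileOnDisk = if ($path) { Test-Path -LiteralPath $path } else { $false }
            }
        }
}

function Get-DebugViewVersions {
    foreach ($root in $searchRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter 'Dbgview.exe' -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $vi  = $_.VersionInfo
                # Build a comparable version from the numeric parts (avoids parsing text suffixes).
                $ver = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart,
                                                 $vi.FileBuildPart, $vi.FilePrivatePart)
                [pscustomobject]@{
                    Path       = $_.FullName
                    Version    = $ver
                    Vulnerable = ($ver -lt $fixedVersion)
                }
            }
    }
}

Get-DbgvDriverStatus  | Format-Table -AutoSize
Get-DebugViewVersions | Format-Table -AutoSize
```

A host that shows a Running Dbgv entry with FileOnDisk false needs a reboot to unload the driver; the version table tells you which copies of DebugView to replace with 4.72 or later.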
Vendor Status:
Microsoft Sysinternals has addressed this vulnerability by releasing version 4.72 of DebugView.
http://www.microsoft.com/technet/sysinternals/utilities/debugview.mspx
CVE Information:
CVE-2007-4223
Disclosure Timeline:
* 08/21/2007 - Initial vendor notification
* 08/21/2007 - Initial vendor response
* 11/06/2007 - Public disclosure