SRC-2017-0026 : Jungo DriverWizard WinDriver Kernel Pool Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
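The advisory does not publish the driver's request layout, so the following is an added example (not Jungo's code and not part of the original advisory) that models this bug class in user-mode C. The count-plus-entries layout and all names (`entry_t`, `POOL_ENTRIES`, `handle_ioctl`, `copy_unchecked`) are hypothetical; it sets the unchecked copy beside a handler that validates the caller's count and input length before writing to a fixed-size allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: a 32-bit entry count followed by that many entries. */
#define POOL_ENTRIES 16u                 /* capacity of the fixed allocation */
typedef struct { uint32_t id, value; } entry_t;
enum { ST_TOO_SMALL = -1, ST_BAD_COUNT = -2 };

/* Unchecked pattern, shown for contrast and never called: the copy length is
 * taken from the caller, so a count above POOL_ENTRIES writes past the pool. */
void copy_unchecked(entry_t *pool, const unsigned char *in) {
    uint32_t count;
    memcpy(&count, in, sizeof count);
    memcpy(pool, in + sizeof count, count * sizeof(entry_t));
}

/* Validated handler: returns the number of entries copied, or a negative
 * status without touching the pool. in_len stands for the input buffer
 * length the I/O manager reports for the request. */
int handle_ioctl(const unsigned char *in, size_t in_len, entry_t *pool) {
    uint32_t count;
    if (in == NULL || in_len < sizeof count)
        return ST_TOO_SMALL;             /* header itself is missing */
    memcpy(&count, in, sizeof count);    /* capture once, then use only the copy */
    if (count > POOL_ENTRIES)
        return ST_BAD_COUNT;             /* would exceed the destination */
    size_t need = (size_t)count * sizeof(entry_t);  /* bounded, cannot wrap */
    if (in_len - sizeof count < need)
        return ST_TOO_SMALL;             /* caller claims more than it sent */
    memcpy(pool, in + sizeof count, need);
    return (int)count;
}

int main(void) {
    unsigned char req[4 + 32 * sizeof(entry_t)] = {0};  /* constructed input */
    entry_t pool[POOL_ENTRIES];
    uint32_t count = 32;                 /* twice the pool capacity */
    memcpy(req, &count, sizeof count);
    printf("oversized count -> %d\n", handle_ioctl(req, sizeof req, pool));
    count = 2;
    memcpy(req, &count, sizeof count);
    printf("valid request   -> %d\n", handle_ioctl(req, 4 + 2 * sizeof(entry_t), pool));
    return 0;
}
```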
Jungo has not issued an update to correct this vulnerability.
- 2017-08-22 – Verified and sent to Jungo via [email protected]/[email protected]/[email protected]/[email protected]
- 2017-08-25 – No response from Jungo and two bounced emails
- 2017-08-26 – Attempted a follow up with the vendor via website chat
- 2017-08-26 – No response via the website chat
- 2017-09-03 – Received an email from a Jungo representative stating that they are "looking into it"
- 2017-09-03 – Requested a timeframe for patch development and warned of possible 0day release
- 2017-09-06 – No response from Jungo
- 2017-09-06 – Public 0day release of advisory
Proof of Concept:
This vulnerability was discovered by Steven Seeley (mr_me) of Source Incite