Skip to main content

Windriver CVE-2017-14075

HIGH
Out-of-bounds Write (CWE-787)
2017-09-11 cve@mitre.org
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 11, 2017 - 17:29 cve.org
HIGH 7.8

DescriptionCVE.org

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.

AnalysisAI

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. Affected products include: Jungo Windriver.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2017-14153 HIGH POC
7.8 Sep 11

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high sever

CVE-2017-14344 HIGH POC
7.8 Sep 12

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high sever

CVE-2018-5189 HIGH POC
7.8 Jan 11

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain syste

CVE-2018-10072 MEDIUM POC
5.5 Apr 12

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x9538

CVE-2018-10071 MEDIUM POC
5.5 Apr 12

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x9538

CVE-2018-9136 MEDIUM POC
5.5 Mar 30

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafte

CVE-2018-8821 MEDIUM POC
5.5 Mar 20

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafte

CVE-2024-26314 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and

CVE-2024-25088 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute

CVE-2024-25086 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute

CVE-2024-22106 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute ar

CVE-2024-25087 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue sc

Share

CVE-2017-14075 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy