HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
BID:50697
Info
HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
| Bugtraq ID: | 50697 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 16 2011 12:00AM |
| Updated: | Nov 16 2011 12:00AM |
| Credit: | Alex Plaskett of MWR InfoSecurity |
| Vulnerable: |
HTC HTC HD7 0 |
| Not Vulnerable: | |
Discussion
HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
HTC HD7 is prone to a security-bypass vulnerability.
An attacker can exploit this issue to read or write arbitrary data from or to kernel memory. This may allow the attacker to execute code in the context of kernel by bypassing security restrictions.
HTC HD7 is prone to a security-bypass vulnerability.
An attacker can exploit this issue to read or write arbitrary data from or to kernel memory. This may allow the attacker to execute code in the context of kernel by bypassing security restrictions.
Exploit / POC
HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
An attacker must trick a victim into installing a malicious application to exploit this issue.
An attacker must trick a victim into installing a malicious application to exploit this issue.
Solution / Fix
HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
Solution:
Reports indicate that a vendor fix is available. Please contact the vendor for more information.
Solution:
Reports indicate that a vendor fix is available. Please contact the vendor for more information.
References
HTC HD7 'HTCUtility.dll' IOCTL Security Bypass Vulnerability
References:
References:
- HD7 Homepage (HTC)
- HTC Windows Phone 7 �?? Arbitrary Read/Write of Kernel Memory (MWR InfoSecurity)