PCAUSA's Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. This vulnerability may be exploited to perform local privilege escalation on Windows systems.
The Rawether framework for Windows, originally produced by Printing Communications Assoc., Inc. (PCAUSA), is a framework that facilitates communication between an application and the Network Driver Interface System (NDIS) protocol. This framework is used by many different hardware vendors in their WiFi and router control applications. Rawether implements the Berkeley Packet Filter (BPF) mechanism. BPF filters are compiled into small programs that are executed by a BPF virtual machine.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2017-3196
A local authenticated attacker may be able to execute a malicious BPF program that can execute arbitrary code with SYSTEM privileges.
Apply an update or uninstall affected software
This issue was reported publicly by "ReWolf" (@rwfpl).
This document was written by Garret Wassermann.
|Date First Published:||2017-03-21|
|Date Last Updated:||2017-04-21 04:50 UTC|