CVE-2019-19452

A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.

Recent assessments:

FULLSHADE at April 21, 2020 3:30pm UTC reported:

Overview

A vulnerability was discovered within the Viper driver RGB version 11, where it did not properly perform input sanitize action against IOCTL 0x80102040 input from user mode. Successful exploitation of this vulnerability leads to the escalation of a user’s privilege, allowing for an unauthorized and unauthenticated user to obtain system privileges. The vulnerability class for this driver CVE is a standard stack-based buffer overflow.

A proof-of-concept does exist, provided by core security, the proof-of-concept is proven to work on a Windows 7 system, porting this vulnerability to a higher version of Windows would require additional security mitigation bypasses.

Impact

Including this vulnerable version of this driver on your system will lead to a degradation of integrity and diminishes all aspects of security for the host. This vulnerable driver allows for an attacker to obtain higher levels of privilege than they’re supposed to have from an unauthenticated standpoint.

Recommended remediation

The recommended remediation for this vulnerability is to update your drivers and to follow any guidelines for updating the software that provides this vulnerable driver.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 5