Lucene search

CERTVU:146896

HistoryOct 07, 2008 - 12:00 a.m.

Gear Software CD DVD Filter driver privilege escalation vulnerability

2008-10-0700:00:00

www.kb.cert.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Overview

The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges.

Description

Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD recording applications. The Gear Software CD DVD Filter driver allows unlimited calls to IoAttachDevice from a user-space application. By making multiple calls to IoAttachDevice, an attacker may be able to exploit an integer overflow in the Microsoft Windows kernel to execute code with SYSTEM privileges.

Impact

An attacker may be able to execute code with SYSTEM privileges.

Solution

Apply an update

This issue is addressed in GEAR driver version 4.001.7, which provides GEARAspiWDM.sys version 2.0.7.5. This version of the CD DVD Filter driver limits the number of IoAttachDevice calls that can be made. Please check with your software vendor for updates that contains this fixed driver. If no update is available, the stand-alone driver from GEAR may be installed.

Apple iTunes users should install iTunes 8.0, as specified in the About the security content of iTunes 8.0 document.

Symantec customers using Norton 360, Norton Ghost, Norton Save and Restore, Backup Exec System Recovery, and Symantec LiveState Recovery should apply an update, as specified in the Symantec Security Advisory SYM08-017.

Vendor Information

146896

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Notified: March 13, 2008 Updated: October 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed in iTunes 8.0. Please see Apple Security Update APPLE-SA-2009-09-09 for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23146896 Feedback>).

GEAR Software, Inc. __ Affected

Notified: March 13, 2008 Updated: October 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed in GEAR driver version 4.001.7, which provides GEARAspiWDM.sys version 2.0.7.5.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23146896 Feedback>).

Symantec, Inc. __ Affected

Notified: March 13, 2008 Updated: October 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23146896 Feedback>).