The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
osvdb.org/37889
secunia.com/advisories/25982
securitytracker.com/id?1018350
www.securityfocus.com/archive/1/473270/100/0/threaded
www.securityfocus.com/archive/1/473297/100/0/threaded
www.securityfocus.com/archive/1/473301/100/0/threaded
www.securityfocus.com/bid/24829
www.vupen.com/english/advisories/2007/2468
www.winpcap.org/misc/changelog.htm
exchange.xforce.ibmcloud.com/vulnerabilities/35309
www.exploit-db.com/exploits/4165