13 matches found
EUVD-2019-7929
Malware in sbrugna...
ASUS Aura Sync 1.07.71 Privilege Escalation Exploit
// CVE-2019-17603: ASUS Aura Sync 1.07.71 'ene.sys' EoP Kernel Exploit // Discovered by @dhn // Author of PoC: Connor McGarr @33y0re - https://connormcgarr.github.io // Windows 10 RS1 Version 10.0.14393 Build 14393 // Tested with VBS, HyperGuard, and PatchGuard disabled include include include //...
ASUS Aura Sync Buffer Overflow Vulnerability
ASUS Aura Sync is a hardware light synchronization plug-in from Asus Taiwan, China. A security vulnerability exists in the Ene.sys file in ASUS Aura Sync 1.07.71 and earlier versions, which originates from the program failing to properly validate input sent to IOCTL 0x80102044, 0x80102050, and...
CVE-2019-17603
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...
Memory corruption
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...
CVE-2019-17603
Affected software: ASUS Aura Sync (Ene.sys) up to version 1.07.71. Vulnerability: IOCTL handling in Ene.sys does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, enabling local users to cause a denial of service (system crash) or gain privileges via crafted kernel addr...
CVE-2019-17603
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...
G.SKILL Trident Z Lighting Control Elevation of Privilege Vulnerability
G.SKILL Trident Z Lighting Control is a set of lighting control software from G.SKILL, Taiwan, China. An elevation of privilege vulnerability exists in the ene.sys driver in G.SKILL Trident Z Lighting Control 1.00.08 and earlier versions. An attacker can exploit this vulnerability to elevate...
CVE-2020-12446
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register MSR registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT...
CVE-2020-12446
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register MSR registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT...
Input validation
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register MSR registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT...
CVE-2020-12446
The CVE-2020-12446 entry concerns the ene.sys driver in G.SKILL Trident Z Lighting Control (up to version 1.00.08). The vulnerability arises from exposing mapping/unmapping of physical memory, and reading/writing to MSR registers, plus input/output with I/O ports, to local non-privileged users. T...
CVE-2020-12446
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register MSR registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT...