In his article, "Exploiting WDM Audio Drivers," Rubén Santamarta describes potential vulnerabilities in WDM drivers that allow local users to escalate their privileges. He explains how possible driver initialisation problems can cause a NULL-pointer dereference, allowing attackers to execute arbitrary code in the kernel.
Santamarta describes the problem with a driver developed for Windows 2000 and XP that is also used with Vista, which is how the problem came to light. After reading this article, WDM driver developers should be equipped to determine whether similar vulnerabilities are present in their own drivers.
- Exploiting WDM Audio Drivers, by Rubén Santamarta