In association with heise online

11 July 2007, 08:39

Escalated Privileges in WinPcap

Security service iDefense has reported a vulnerability in WinPcap that allows local users to escalate their privileges. WinPcap provides drivers that applications can use to record network packets. The bug resides in the driver npf.sys. The driver incorrectly checks parameters passed to IOCTL 9031 (BIOCGSTATS) when processing an I/O request packet (IRP), allowing attackers to use manipulated requests to overwrite kernel memory and cause their own program code to run.

The bug is in version of npf.sys and possibly prior versions. This version is installed, for example, when installing the version of WinPcap which is included in Wireshark 0.99.5. The current version of WinPcap, 4.0.1, closes the security hole and users should install it without delay.
