Microsoft Windows CE KDatastruct Information Disclosure Vulnerability

Microsoft Windows CE KDatastruct Information Disclosure Vulnerability

An information disclosure vulnerability is reported to affect the Windows CE kernel.

It is reported that the kernel memory structure KDataStruct is available to userland applications. This can be ultimately employed on any Windows CE system to gain addresses of the export sections of several kernel libraries.

This vulnerability is exploited by the virus WinCE.Duts.A (MCID 3238) in order to provide portability and reliability.