Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability

Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability

An unspecified buffer overflow vulnerability affects USB drivers in Microsoft Windows operating systems. This issue is due to a failure of the affected driver to properly bounds check input provided by USB devices.

This issue presents itself when USB devices are attached to computers running affected device drivers. Upon insertion, the operating system automatically loads the appropriate device driver to handle the new hardware. By maliciously altering the data returned to the operating system, it is possible to overflow memory used in the affected USB device driver.

The information currently available is insufficient to provide a more in-depth technical description. This BID will be updated as more details become available.

An attacker may leverage this issue to execute arbitrary machine code with System privileges on affected computers, or cause the affected computer to crash. This would occur by attaching a malicious USB device to affected computers, without the need for an account on the computer.