WinPcap NPF.SYS Bpf_Filter_Init Function Local Privilege Escalation Vulnerability

WinPcap is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Note that an administrator must load the vulnerable driver ('NPF.SYS') by executing an application that depends on it. By default, the driver is not loaded; it can be loaded only by administrative users.

WinPcap 4.0.1 is vulnerable to this issue; previous versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus