GEAR Software CD DVD Filter Driver 'GEARAspiWDM.sys' Local Privilege Escalation Vulnerability

GEAR Software CD DVD Filter driver ('GEARAspiWDM.sys') is prone to a local privilege-escalation vulnerability caused by an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

GEAR Software CD DVD filter driver is used by the following products:

Apple ITunes prior to 8.0
Norton 360 2.0 and prior
Norton Ghost 14 and prior
Norton Save and Restore 2.0 and prior
Backup Exec System Recovery 6, 7, and 8
Symantec LiveState Recovery

NOTE: This BID was previously titled 'Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability', but new information has allowed us to update the BID to better reflect the root cause of the issue.


Privacy Statement
Copyright 2010, SecurityFocus