Advisory Details

May 12th, 2015

(Pwn2Own) Microsoft Windows CNG Information Disclosure Vulnerability

ZDI-15-189
ZDI-CAN-2834

CVE ID CVE-2015-1674
CVSS SCORE 4.9, (AV:L/AC:L/Au:N/C:C/I:N/A:N)
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Windows
VULNERABILITY DETAILS


This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the cng.sys driver. The issue lies in a series of IOCTLs that return pointers to functions within the driver. An attacker can leverage this together with another vulnerability to achieve code execution under the context of SYSTEM.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/library/security/MS15-052
DISCLOSURE TIMELINE
  • 2015-03-19 - Vulnerability reported to vendor
  • 2015-05-12 - Coordinated public release of advisory
CREDIT lokihardt@ASRT
BACK TO ADVISORIES