HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory
- Published: 10 Nov 2011
- Type: HTC Windows Phone 7 – Arbitrary Read/Write of Kernel Memory
- Severity: High
Affected Products
HTC Windows Phone 7 Phones
A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read/write arbitrary kernel memory through the use of a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.