HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory
- Published: 10 Nov 2011
HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory
Share
Type
- HTC Windows Phone 7 – Arbitrary Read/Write of Kernel Memory
Severity
- High
Affected products
- HTC Windows Phone 7 Phones
Date
- 2011-11-10
CVE Reference
- N/A
A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read/write arbitrary kernel memory through the use of a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.