• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

CPUID Exploited

mysticsniper

mysticsniper

mysticsniper

Soldato
Joined
1 May 2003
Posts
11,196
Anyone noticed that there is an ongoing exploit for CPUID (CPU-Z), all versions up to V1.81?

I was quite surprised how many 3rd party applications/tools are using this as part of their CPU monitoring tools.

https://www.cvedetails.com/cve/CVE-2017-15302/

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behaviour (for ACPI scan functionality); the security issue is the lack of an ACL.
Click to expand...

Exploit: https://github.com/shareef12/cpuz

If affects all Windows OS from Win XP - to Win 10 v1609 which I think is the equivalent to Windows server 2016.

For example Corsair iCUE uses CPUID version 1.50 which is affected. Users need to stop this corsair service in services.msc to remove cpuz150_x64.sys from the temp folder.

:)
 
dannywaugh1 said:
Good find, hopefully it will be patched in future releases as well as those manufactures like Corsair who also use the software.
Click to expand...

The latest version 1.95, which everyone should be using, as well as making sure to install the latest OS updates. ;)

Corsair are aware, although no updates yet. I'm sure there are more companies unaware that they are using an exploited version.
 
Last edited:
It's always been here, for example Microsoft have never released a completed software version of anything ever!

However the way the internet has evolved and how the threat landscape has changed, its been brought to the forefront more through media etc..

Plus there is a lot of money in bug bounties, finding exploits and vulnerabilities ;)
 
You must log in or register to reply here.
Back
Top Bottom