SB2017080206 - Multiple vulnerabilities in Matrix Synapse

Description

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2017-14398)

The vulnerability allows a local authenticated user to execute arbitrary code.

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to DevicePhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.

2) Input validation error (CVE-ID: CVE-2017-9769)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

Remediation

Install update from vendor's website.

References

• https://twitter.com/FuzzySec/status/907722788219256832
• http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess
• https://warroom.securestate.com/cve-2017-9769/
• https://www.exploit-db.com/exploits/42368/