Main Vulnerability Database Exploits ID:4849 - Exploit for Input validation error in Synapse - CVE-2017-9769

ID:4849 - Exploit for Input validation error in Synapse - CVE-2017-9769

Published: November 17, 2020

Vulnerability identifier: #VU38607

Vulnerability risk: High

CVE-ID: CVE-2017-9769

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Synapse

Link to public exploit:

https://github.com/alexa872/CVE-2017-9769-exploits

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

Remediation

Install update from vendor's website.

ID:4849 - Exploit for Input validation error in Synapse - CVE-2017-9769

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human