Main Vulnerability Database Exploits ID:8827 - Exploit for Buffer overflow in iQVW32.SYS and iQVW64.SYS - CVE-2015-2291

ID:8827 - Exploit for Buffer overflow in iQVW32.SYS and iQVW64.SYS - CVE-2015-2291

Published: February 12, 2023

Vulnerability identifier: #VU72129

Vulnerability risk: High

CVE-ID: CVE-2015-2291

CWE-ID: CWE-119

Exploitation vector: Local access

Vulnerable software:
iQVW32.SYS
iQVW64.SYS

Link to public exploit:

https://www.exploit-db.com/exploits/36392/

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the 0x80862013, 0x8086200B, 0x8086200F, and 0x80862007 IOCTL calls in the Intel Ethernet diagnostics driver for Windows. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild since December 2022 by Scattered Spider (aka Roasted 0ktapus or UNC3944).

Remediation

Install updates from vendor's website.

ID:8827 - Exploit for Buffer overflow in iQVW32.SYS and iQVW64.SYS - CVE-2015-2291

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human