CVE-2015-2291
CVE-2015-2291
In short
A flaw in Intel's Windows Ethernet diagnostics driver allows a local attacker to crash the system or run malicious code with the highest system privileges by sending specially crafted commands to the driver.
Technical detail
The IQVW32.sys and IQVW64.sys kernel drivers (versions before 1.3.1.0) fail to properly validate IOCTL input (CWE-20) for commands 0x80862013, 0x8086200B, 0x8086200F, and 0x80862007, enabling local code execution or denial of service with kernel-level privileges.
Summary generated and translated by AI from the official description.
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 7
githubgithub.com/gmh5225/CVE-2015-2291★ 5githubgithub.com/Tare05/Intel-CVE-2015-2291★ 5githubgithub.com/paysonism/CVE-2015-2291-Spoofer-Analysis★ 2githubgithub.com/ethanedits/iqvw64e-privilege-escalation★ 2exploitdbwww.exploit-db.com/exploits/36392unverifiedcve_referencepacketstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.htmlunverifiedcve_referencewww.exploit-db.com/exploits/36392/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.htmlhttps://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-frhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2291https://www.exploit-db.com/exploits/36392/http://www.securityfocus.com/bid/79623