CVE-2015-2291 – Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2015-2291

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. (1) IQVW32.sys en versiones anteriores a la 1.3.1.0 y (2) IQVW64.sys en versiones anteriores a la 1.3.1.0 en el controlador de diagnósticos de Intel Ethernet para Windows permite que usuarios locales provoquen una denegación de servicio o, posiblemente, ejecuten código arbitrario con privilegios kernel mediante una llamada IOCTL (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F o (d) 0x80862007 manipulada. Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). • https://www.exploit-db.com/exploits/36392 https://github.com/Tare05/Intel-CVE-2015-2291 http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html http://www.securityfocus.com/bid/79623 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr • CWE-20: Improper Input Validation •