HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory

Product HTC Windows Phone 7 Phones
Severity High
CVE Reference N/A
Type HTC Windows Phone 7 – Arbitrary Read/Write of Kernel Memory

A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read/write arbitrary kernel memory through the use of a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.