HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory

    Type

  • HTC Windows Phone 7 – Arbitrary Read/Write of Kernel Memory
  • Severity

  • High
  • Affected products

  • HTC Windows Phone 7 Phones
  • Date

  • 2011-11-10
  • CVE Reference

  • N/A

A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read/write arbitrary kernel memory through the use of a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.