12 Mar 2012
DAEMON Tools Lite 4.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
ADLab has discovered a vulnerability in DAEMON Tools, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
The vulnerability is caused due to an indexing error when processing the 0x00222850 IOCTL in dtsoftbus01.sys. This can be exploited to write a DWORD value into arbitrary kernel memory.
Successful exploitation may allow execution of arbitrary code with SYSTEM privileges.
The vulnerability is confirmed in version 4.41.3.0173. Other versions may also be affected.
Update to version 4.45.3.0297.
ADLab, VenusTech via Secunia.