ASUS Aura Sync: Stack-Based Buffer Overflow

0x01: Details Advisory: ASUS Aura Sync 1.07.71 ene.sys Stack-Based Buffer Overflow Advisory ID: DH-ADV-2019-001 CVE ID: CVE-2019-17603 Revision: 1.1 Last Modified: 2019/10/14 Date Reported: 2019/09/08 Advisory Published: 2020/06/01 Affected Software: Asus Aura Sync Remotely Exploitable: No Locally Exploitable: Yes Vendor URL: https://www.asus.com/ 0x02: Vulnerability details The kernel driver ene.sys shipped with ASUS Aura Sync version 1.07.71 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in:...

June 1, 2020 · 5 min · dhn