Cisco Vulnerability Spotlight: Local Code Execution via the Intel HD Graphics Windows Kernel Driver
This vulnerability was discovered by Piotr Bania.

Talos, in coordination with Intel, is disclosing the discovery of TALOS-2016-0087, a local arbitrary code execution vulnerability within the Intel HD Graphics Windows Kernel Driver. This vulnerability exists in the communication functionality of the driver and can be exploited if a specially crafted message is sent to the driver, resulting in a denial of service or arbitrary code execution. Note that exploitation of this vulnerability is only achievable in local contexts. This vulnerability has been responsibly disclosed to Intel in accordance with our Vulnerability Reporting and Disclosure guidelines.

DETAILS ON TALOS-2016-0087

TALOS-2016-0087 (CVE-2016-5647) is an arbitrary code execution vulnerability in the Intel HD Graphics Kernel Mode Driver for Windows. This vulnerability can be triggered by sending a specially crafted D3DKMTEscape request to the Intel HD Graphics driver, resulting in a NULL dereference. An attacker could leverage this vulnerability to cause a denial of service or execute arbitrary code on an affected system. Exploitation of this flaw is limited to local contexts, such as a user executing a binary designed to exploit a system affected by TALOS-2016-0087.