Vulnerability CVE-2007-4315
Published: 2007-08-13   Modified: 2012-02-12

Description:
The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill".

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
ATI -> Catalyst driver 
AMD -> Catalyst driver 

 References:
http://www.securityfocus.com/bid/25265
http://secunia.com/advisories/26448
http://blogs.zdnet.com/security/?p=438
http://blogs.zdnet.com/security/?p=427
Copyright 2024, cxsecurity.com

 

Back to Top