CVE-2021-42683

Vulnerability

A buffer overflow vulnerability exists in the Accops HyWorks Windows Client prior to v 3.2.8.200 [1]. The flaw resides in the IOCTL Handler 0x22001B, which processes specially crafted I/O Request Packets (IRP) from user mode. The affected driver component mishandles input data, allowing a local attacker to trigger memory corruption.

Exploitation

An attacker must have local access to the system and be able to send crafted IRP requests to the vulnerable IOCTL handler. No authentication or user interaction beyond local access is required. The exploit involves sending a specially crafted IRP to the device driver, triggering a buffer overflow that leads to memory corruption.

Impact

Successful exploitation results in arbitrary code execution in kernel mode, potentially leading to full system compromise. The attacker can also cause a denial of service by corrupting system memory and crashing the operating system. This allows privilege escalation from a local user to kernel-level control, enabling the attacker to disable security products, overwrite system components, or perform other malicious operations unimpeded [1].

Mitigation

The vulnerability is fixed in Accops HyWorks Windows Client version 3.2.8.200 and later [1]. Users should update to the latest version. SentinelLabs reported the vulnerability to Accops during Q2 2021, and the vendor released a security update. No evidence of in-the-wild exploitation has been observed as of the advisory publication [1].