VAR-190001-0049
Vulnerability from variot - Updated: 2022-05-17 02:00HTC HD7 is a mobile phone equipped with Windows Phone platform. HTC HD7 has an error in the HTCUtility.dll driver when processing 0x9020002C IOCTL. An attacker can exploit the vulnerability to read data from any kernel memory or write data to any kernel memory. HTC HD7 is prone to a security-bypass vulnerability. This may allow the attacker to execute code in the context of kernel by bypassing security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hd7",
"scope": null,
"trust": 0.6,
"vendor": "htc",
"version": null
},
{
"model": "hd7",
"scope": "eq",
"trust": 0.3,
"vendor": "htc",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alex Plaskett of MWR InfoSecurity",
"sources": [
{
"db": "BID",
"id": "50697"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTC HD7 is a mobile phone equipped with Windows Phone platform. HTC HD7 has an error in the HTCUtility.dll driver when processing 0x9020002C IOCTL. An attacker can exploit the vulnerability to read data from any kernel memory or write data to any kernel memory. HTC HD7 is prone to a security-bypass vulnerability. This may allow the attacker to execute code in the context of kernel by bypassing security restrictions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50697",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2011-4922",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-305",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
]
},
"id": "VAR-190001-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
}
]
},
"last_update_date": "2022-05-17T02:00:57.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTC HD7 \u0027HTCUtility.dll\u0027 IOCTL Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/5928"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://labs.mwrinfosecurity.com/files/advisories/mwri_htc-htcutility-kernmem_2011-11-10.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50697"
},
{
"trust": 0.3,
"url": "http://www.htc.com/uk/smartphones/htc-hd7/"
},
{
"trust": 0.3,
"url": "http://labs.mwrinfosecurity.com/files/advisories/mwri_htc-htcutility-kernmem_2011-11-10.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"date": "2011-11-16T00:00:00",
"db": "BID",
"id": "50697"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"date": "2011-11-16T00:00:00",
"db": "BID",
"id": "50697"
},
{
"date": "2011-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTC HD7 \u0027HTCUtility.dll\u0027 IOCTL Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4922"
},
{
"db": "BID",
"id": "50697"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "50697"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…