Realtek has recently confirmed a serious vulnerability in its HD Audio Driver Package for Windows. Upon exploit it could allow an adversary to evade security mechanisms and gain persistence on the target system.
SafeBreach Labs have discovered a serious vulnerability in the Realtek HD Audio Driver Package for Windows. As stated in their advisory , they found a DLL hijacking flaw that could result in severe security threats to target Windows systems.
According to the researchers, the vulnerability CVE-2019-19705 could allow an attacker to execute malicious code. The flaw affected the “HD Audio Background Process” (RAVBg64.exe) that executed as NT AUTHORITY\SYSTEM. Upon execution, the process tried to load missing DLL files.
Once executed, the process tries to load RAVBg64ENU.dll and RAVBg64LOC.dll (which are not located in) its own directory.
At this point, an attacker with admin privileges could upload an arbitrary DLL and execute malicious code. This became possible due to the lack of signature validation and the use of outdated software.
The researchers have shared the proof-of-concept for this vulnerability in their advisory .
The Realtek HD Audio Driver bug could have serious consequences in case of exploitation. For instance, it could allow an adversary to bypass whitelisting and execute malicious code in a persistent way.
As confirmed in the Realtek’s advisory , the bug affected the Realtek HD Audio Driver version Legacy (non-DCH type) driver 184.108.40.20655. Hence, all PCs bearing the Realtek sound cards became vulnerable to the flaw.
Consequently, the vendors patched the flaw with the release of Realtek High Definition Audio Driver Legacy (non-DCH) driver 220.127.116.1156.
Users must ensure that their systems are running the latest version of Realtek HD Audio Driver to stay protected from potential exploitation.
Earlier, SafeBreach Labs also reported similar bugs in the numerous antivirus programs and other software such as TeamViewer.
- Packet Fingerprinting with Wireshark and Detecting NMap Scans cvv sites, cvv store
- Кандидат в президенты США рассказал о своем хакерском прошлом cvvstore, valid cc shop
- Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances buy cvv, feshop cc
- European Banking Authority victim in Microsoft Exchange Server hack dump shop, buying cvv
- Starting an InfoSec Career – The Megamix – Chapter 6 cvv dump, credit card dumps
Recent CommentsNo comments to show.