Synaptics Audio Driver LPE
Latest commit 557535c Apr 15, 2019
CxUtilSvcExploit Add code. Apr 14, 2019
.gitignore
CxSandbox.sln Add code. Apr 14, 2019
LICENSE
README.md

CVE-2019-9730: Synaptics Audio Driver LPE

The vulnerability in this driver package was in the CxUtilSvc system service, which hosted a COM object that low-privileged code could use to perform arbitrary registry reads and writes as SYSTEM. The .NET code adds the IRegistryHelper COM interface as a reference in order to invoke its methods.

For exploitation, a less subtle approach is used: the binary path of a given service is replaced with a command that creates a local Administrator account. Although standard user accounts cannot start or stop every service, there is usually a small subset that they can (e.g. ose). If they cannot start a service immediately, they can also reboot the system.
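
For detection, the service binary-path replacement described above shows up as a registry write to a service's `ImagePath` value. The following is an added example, not code from this repository: it triages Sysmon Event ID 13 records for such writes. The sample events are constructed, and the `CxUtilSvc.exe` process name and the writer allowlist are assumptions.

```python
import re

# Constructed Sysmon Event ID 13 (registry value set) records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Spooler\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ExampleAgent\ImagePath",
     "Details": r'"C:\Program Files\Example\agent.exe"'},
    {"EventID": 13, "Image": r"C:\Program Files\Example\CxUtilSvc.exe",  # assumed name
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ose\ImagePath",
     "Details": "cmd.exe /c net localgroup administrators <user> /add"},
]

SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\System\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE)
ACCOUNT_CMD = re.compile(r"\bnet1?(?:\.exe)?\s+(?:user|localgroup)\b.*?/add\b", re.IGNORECASE)
SHELL = re.compile(r"\b(?:cmd|powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
# Assumption: processes allowed to rewrite service configuration; tune per environment.
EXPECTED_WRITERS = {"services.exe", "msiexec.exe", "trustedinstaller.exe"}

def triage(event):
    """Return a finding dict for a suspicious service ImagePath write, else None."""
    if event.get("EventID") != 13:
        return None
    match = SERVICE_IMAGEPATH.match(event.get("TargetObject", ""))
    if not match:
        return None
    writer = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    details = event.get("Details", "")
    reasons = []
    if writer not in EXPECTED_WRITERS:
        reasons.append("unexpected writer")
    if ACCOUNT_CMD.search(details):
        reasons.append("account-creation command")
    elif SHELL.search(details):
        reasons.append("command interpreter as service binary")
    if not reasons:
        return None
    return {"service": match.group(1), "writer": writer, "reasons": reasons}

def scan(events):
    """Triage every event and keep only the findings."""
    return [finding for finding in map(triage, events) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A write by an unlisted process is flagged even when the new value looks benign, because the service control manager normally performs these updates itself.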

Write-up and technical advisory here: http://jackson-t.ca/synaptics-cxutilsvc-lpe.html.

Affected Vendors

This list is not comprehensive.
