Webcam for Remote Desktop, ftwebcam.sys, DoS
Vulnerability Info
Version
- Webcam for Remote Desktop 2.8.42, ftwebcam.sys 2.8.11.0, DoS
- https://www.fabulatech.com/webcam-for-remote-desktop.html
Impact
Denial of Service
Description
From IoControlCode 0x222018, a normal user can cause DoS due to the lack of validating SystemBuffer.
Reproduce
In the attached file DoS3.zip, there are DoS3.exe, DoS.3cpp, webcam-for-remote-desktop-server-64bit.msi, and ftwebcam.sys. DoS3.exe is the PoC to cause BSOD where webcam-for-remote-desktop-server-64bit.msi contains the vulnerable driver ftwebcam.sys installed, and DoS3.cpp is the source code of DoS3.exe. To reproduce the issue, install webcam-for-remote-desktop-server-64bit.msi and execute DoS3.exe. It is expected that the system will crash (BSOD) once DoS3.exe is executed. Password for attachment: DoS3 DoS3.zip