Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12576
HistoryMay 07, 2006 - 12:00 a.m.

Intel wireless service s24evmon.exe confidential information disclosure.

2006-05-0700:00:00
vulners.com
12
JSON

S24EvMon.exe is a service which is part (at least) of the Intel PROset/Wireless software. This application
is provided by Intel in order to support intel Wireless Devices based on Spectrum 24 chipsets.

This service uses a shared memory section which is created without the proper security descriptor, allowing
unprivileged users to perform operations like Delete, Read or Write into the memory. The section is named
“S24EventManagerSharedMemory”

This shared memory is used to store ,in plain text, confidential information like WEP Key, Passwords…

The successful exploitation of this vulnerability could allow to any unprivileged user to access
confidential information,exposing the network. An important mitigating factor is that the vulnerability is
local, nevertheless some Malware could take advantage of this flaw.

Further information and exploit code at www.reversemode.com

Regards,
Rubйn

JSON