CVE-2007-5761 Information

Description

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys) which allows local users to gain privileges or cause a denial of service (system crash) as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=636 http://secunia.com/advisories/28366 http://securitytracker.com/id?1019161 http://www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf http://www.securityfocus.com/bid/27175 http://www.vupen.com/english/advisories/2008/0062 https://exchange.xforce.ibmcloud.com/vulnerabilities/39503