Compaq Easy Access keyboard software allows elevation of local privileges
| compaq-ea-elevate-privileges (5718) |  Medium Risk |
Description:
Compaq Easy Access could allow a local attacker to gain elevated privileges, due to a vulnerability in the custom keys. A vulnerability in version 1.3 allows custom key functions to be set by the local user because the keys hasbeen locked.
Platforms Affected:
- Compaq, Easy Access Keyboard Software 1.3
Remedy:
Upgrade to the latest version of Compaq (1.5.1 or later), available from the Compaq Web site. See References.
Consequences:
Gain Privileges
References:
- Compaq Revision History Web site, iPAQ Easy Access Keyboard Software at http://www5.compaq.com/support/files/desktops/us/revision/1723.html.
- Compaq Web site, Download at http://www5.compaq.com/support/files/desktops/us/download/9068.html.
- NTBugTraq Mailing List, Thu, 12 Oct 2000 09:36:40 -0400, Security issue with Compaq Easy Access Keyboard software at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0010&L=ntbugtraq&F=&S=&P=3269.
- CVE-2000-0946: Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.
- OSVDB ID: 5831: Compaq Easy Access Keyboard Screen Lock Bypass
Reported:
Oct 12, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net