Compaq Easy Access keyboard software allows elevation of local privileges
| compaq-ea-elevate-privileges (5718) |  Medium Risk |
Description:
Compaq Easy Access could allow a local attacker to gain elevated privileges, due to a vulnerability in the custom keys. A vulnerability in version 1.3 allows custom key functions to be set by the local user because the keys hasbeen locked.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of Compaq (1.5.1 or later), available from the Compaq Web site. See References.
References:
- Compaq Revision History Web site: iPAQ Easy Access Keyboard Software.
- Compaq Web site: Download.
- NTBugTraq Mailing List, Thu, 12 Oct 2000 09:36:40 -0400: Security issue with Compaq Easy Access Keyboard software.
- CVE-2000-0946: Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.
- OSVDB ID: 5831: Compaq Easy Access Keyboard Screen Lock Bypass
Platforms Affected:
- Compaq Easy Access Keyboard Software 1.3
Reported:
Oct 12, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net