Friday, August 30, 2019

TSA-2019-001: Asus Precision TouchPad 11.0.0.25 (Pool Overflow)

Telspace Systems Security Advisory

CVE number: CVE-2019-10709

Summary:

The AsusPTPFilter.sys driver on Asus Precision TouchPad 11.0.0.25 hardware has a pool overflow associated with the \\.\AsusTP device. A crafted DeviceIoControl call with a specific IOCTL code triggers it, leading to a DoS and potentially to privilege escalation.

Vendor:

Asus

Product:

Asus Precision TouchPad

Version:

11.0.0.25

Proof of Concept:

  
Details and crash information:







Vendor response:

The vendor has patched the vulnerability and released a new version. 

Disclosure Timeline:

25-03-2019 – Initial Discovery
27-03-2019 – Vendor Notification
29-08-2019 – Vendor Patch
30-08-2019 – Public Disclosure

Credit:

This vulnerability was discovered by Athanasios Tserpelis of Telspace Systems.