iDefense Security Advisory 11.06.07 - Local exploitation of a design error vulnerability in Microsoft's DebugView could allow attackers to execute arbitrary kernel code. As part of its design, DebugView loads a kernel module Dbgv.sys. This module includes functionality that can be abused to copy user supplied data into the kernel, to controlled addresses. This allows malicious users to inject arbitrary code into the running kernel. iDefense confirmed the existence of this vulnerability in Microsoft DebugView version 4.64. The specific file version of Dbgv.sys is 4.60.0.0. This file is deleted automatically after being loaded and will not be found on disk. Previous versions are suspected to be vulnerable as well.
0b00f9045bac936d268732de36b5e66cbcf489bf0fd354410de4b492a97276f0