ASA-2019-00341 – Intel ITE Tech Consumer Infrared Driver: Improper permissions in the installer


Allele Security Alert

ASA-2019-00341

Identifier(s)

ASA-2019-00341, CVE-2018-3702, INTEL-SA-00206

Title

Improper permissions in the installer

Vendor(s)

Intel

Product(s)

Intel ITE Tech Consumer Infrared Driver

Affected version(s)

Intel ITE Tech Consumer Infrared Driver for Windows 10 versions before 5.4.3.0

Fixed version(s)

Intel ITE Tech Consumer Infrared Driver version 5.4.3.0 or later

Proof of concept

Unknown

Description

Improper permissions in the installer for the ITE Tech Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Technical details

Unknown

Credits

SaifAllah benMassaoud

Reference(s)

ITE Tech Consumer Infrared Driver for Windows 10 Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html

CIR_Win10_64_5.4.3.0.zip
https://downloadmirror.intel.com/28755/a08/CIR_Win10_64_5.4.3.0.zip

CVE-2018-3702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3702

CVE-2018-3702
https://nvd.nist.gov/vuln/detail/CVE-2018-3702

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 14, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.