- Webcam for Remote Desktop 2.8.42, ftwebcam.sys 2.8.11.0, DoS
- https://www.fabulatech.com/webcam-for-remote-desktop.html
Denial of Service
From IoControlCode 0x222010 and 0x222018, a normal user can cause null pointer dereference due to the lack of validating the return value of ExAllocatePoolWithTag, which leads to DoS.
In the attached file DoS1.zip, there are DoS1.exe, DoS1.cpp, webcam-for-remote-desktop-server-64bit.msi, and ftwebcam.sys. DoS1.exe is the PoC to cause BSOD where webcam-for-remote-desktop-server-64bit.msi contains the vulnerable driver ftwebcam.sys installed, and DoS1.cpp is the source code of DoS1.exe. To reproduce the issue, install webcam-for-remote-desktop-server-64bit.msi and execute DoS1.exe. It is expected that the system will crash (BSOD) once DoS1.exe is executed. Password for attachment: DoS1 DoS1.zip