CVE-2023-35326 in Windowsinfo

Summary

by MITRE • 07/11/2023

Windows CDP User Components Information Disclosure Vulnerability

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/06/2026

This vulnerability resides in the Windows Common Device Platform CDP user components which facilitate communication between local applications and device drivers through a standardized interface. The flaw manifests as an information disclosure weakness that allows unauthorized access to sensitive data structures and system information through improperly handled API calls within the CDP framework. According to CWE-200, this represents a classic information exposure vulnerability where the system inadvertently reveals internal state information to unauthenticated or unauthorized users.

The technical implementation involves the CDP user components failing to properly validate input parameters when processing device communication requests. Specifically, when applications interact with device drivers through the CDP interface, certain error handling routines do not adequately sanitize output data before returning it to requesting processes. This allows malicious actors to craft specific API calls that trigger information leakage from kernel memory regions, potentially exposing sensitive system details including driver version information, memory addresses, and internal data structures. The vulnerability operates at the application programming interface level where the CDP service layer does not enforce proper access controls or data isolation mechanisms.

From an operational perspective this vulnerability presents significant risks to system security as it enables attackers to gather intelligence about the target system's configuration and component versions. The information disclosed can be leveraged in subsequent attacks, particularly when combined with other reconnaissance techniques to identify potential exploitation targets within the device driver ecosystem. This aligns with ATT&CK technique T1082 which involves discovering system information through reconnaissance activities. Security researchers have noted that this vulnerability could facilitate privilege escalation attempts by providing attackers with detailed knowledge about kernel structures and driver interfaces, making it easier to craft targeted exploits against other weaknesses in the system.

Mitigation strategies include applying the latest security patches from Microsoft which address the improper input validation and output sanitization issues within the CDP user components. System administrators should also implement network segmentation to limit access to devices that expose CDP functionality, particularly in environments where untrusted users or applications might interact with device drivers. Additionally, monitoring for unusual API call patterns related to CDP services can help detect potential exploitation attempts. The vulnerability demonstrates the importance of proper input validation and output sanitization as outlined in OWASP top ten category a03, where insufficient logging and monitoring could allow continued exploitation of similar information disclosure flaws. Organizations should also consider implementing application whitelisting policies that restrict which applications can interact with CDP services to reduce the attack surface and prevent unauthorized access to sensitive device communication interfaces.

Responsible

Microsoft

Reservation

06/14/2023

Disclosure

07/11/2023

Moderation

accepted

CPE

ready

EPSS

0.00513

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!