| Title | Wincor Nixdorf Wincor Nixdorf PORT IO Driver <=1.0.0.1 Buffer Overflow |
|---|
| Description | The Wincor Nixdorf PORT IO Driver 'wnport.sys' contains 4 vulnerable IOCTL codes: 0x80102040, 0x80102044, 0x80102050, and 0x80102054. These flaws arise due to insufficient input validation within the IOCTL_DEVICEIO_CONTROL_FUNCTION subroutine at sub_11100. Specifically, the driver fails to properly check the length of the input buffer against the internal buffer size limit, allowing an attacker to send a buffer that exceeds the allocated stack space.
Exploiting these vulnerable IOCTLs can have severe consequences. By sending a large input buffer via DeviceIoControl, an attacker can trigger a stack overflow condition. This not only causes the system to crash with a PAGE_FAULT_NON_PAGE blue screen error but also leads to memory corruption. In more dangerous scenarios, the memory corruption can be exploited to achieve arbitrary code execution. Since the driver's IOCTL functions can be called by low-privileged programs, attackers don't need high-level access to start the exploitation process. Once arbitrary code execution is achieved, attackers can run unauthorized commands with elevated privileges, potentially stealing sensitive data, installing malware, or taking full control of the affected system. |
|---|
| Source | ⚠️ https://b.iakb.org/2025/06/26/Wincor-Nixdorf-PORT-IO-Driver-Buffer-Overflow/ |
|---|
| User | rickqwq (UID 87143) |
|---|
| Submission | 06/27/2025 01:38 (10 months ago) |
|---|
| Moderation | 10/18/2025 09:49 (4 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 329013 [Nixdorf Wincor PORT IO Driver up to 1.0.0.1 IOCTL wnport.sys sub_11100 stack-based overflow] |
|---|
| Points | 20 |
|---|