Intel Driver Update Utility information leakage (CVE-2016-1493)
Intel Driver Update Utility information leakage (CVE-2016-1493)
Release date:
Updated on:
Affected Systems:
Intel Driver Update Utility 2.2.0.5
Description:
CVE (CAN) ID: CVE-2016-1493
Intel Driver Update Utility is a tool used to analyze computer system drivers.
Intel Driver Update Utility 2.2.0.5 has a man-in-the-middle attack vulnerability. If attackers use DNS spoofing to execute ARP attacks, they can bypass the Domain Verification Method VerifyDownloadURL, after successful transmission, the data transmission integrity, information leakage, and code execution can be damaged.
<* Source: Core Security Research Team
*>
Suggestion:
Vendor patch:
Intel
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
Http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm#UpdatedVersion
This article permanently updates the link address: