A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
Link | Tags |
---|---|
https://warroom.securestate.com/cve-2017-9769/ | third party advisory exploit |
https://www.exploit-db.com/exploits/42368/ | exploit vdb entry third party advisory |
http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess | third party advisory exploit |