Intel Product Security Advisories and Notices

Intel® PROSet/Wireless Software Local Information Disclosure

Thu, 21 Jun 2007 22:37:13 -0400

A security vulnerability exists in the Intel® PROSet/Wireless Software (PROSet application) because of insecure usage of shared memory allowing a person having access to the user’s computer or malicious software installed on the user’s computer to obtain access to users’ wireless network security information.

Intel® LAN Driver Buffer Overflow Local Privilege Escalation

Thu, 21 Jun 2007 22:37:13 -0400

A software vulnerability exists in the specified PCI, PCI-X and PCIe Intel network component drivers that could allow unprivileged code executing on an affected system to perform a local privilege escalation.

Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution

Thu, 21 Jun 2007 22:37:13 -0400

Security vulnerabilities exist in the Microsoft* Windows* drivers for the Intel® 2200BG and 2915ABG PRO/Wireless Network Connection Hardware because of the way that they currently handle certain frames. An attacker could potentially exploit these vulnerabilities which could potentially lead to remote code execution and system control.

Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation

Thu, 21 Jun 2007 22:37:13 -0400

A security vulnerability exists in the Microsoft* Windows* drivers for the Intel® 2100 PRO/Wireless Network Connection Hardware because of the way that driver handles certain requests by applications. The vulnerability could potentially be exploited by injecting specially crafted malicious frames into the driver and with the aid of an application loaded on the local system kernel level privileges could potentially be obtained.

Intel® Enterprise Southbridge 2 Baseboard Management Controller Denial of Service

Thu, 21 Jun 2007 22:37:12 -0400

A denial of service vulnerability exists in the Intel® Enterprise Southbridge 2 Baseboard Management Controller which may allow malicious users to connect to a server system within a local area network and issue any Intelligent Platform Management Interface command. If proper external network access procedures are followed the vulnerability is limited to internal access within a local network.