|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Compaq's iPAQ Easy Access Keyboard contains a flaw that may allow an attacker with physical access to bypass any form of screen locking protection on the machine. The issue is due to the Easy Access Keyboard mapping that controls specialty buttons on some keyboards. If these buttons are programmed to launch applications, it can do so while bypassing the screen locking program, including the native Windows screen lock.
|
|
Classification |
Location:
Physical Access Required
Attack Type:
Other
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
An attacker who has the ability to edit the configuration file for the keyboard button settings may be able to gain elevated privileges. By modifying the file \Program Files\Compaq\Easy Access Keyboard\global.kmp, an attacker could select arbitrary programs to run from the buttons that may allow elevated privileges if the attacker also has physical access.
|
|
Solution |
Upgrade to version 1.51A or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Easy Access Keyboard
 |
1.3 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
