Add SonixDeviceMFT.dll (CVE-2023-51715)

During the installation of this webcam driver, the registry permissions on a COM object get set too weak, enabling LPE. 

CVE: CVE-2023-51715 (was never made public by the CNA who reserved the ID)
Ref: https://herolab.usd.de/security-advisories/usd-2023-0029/

For some reason, the driver has two DLLs in different directories, named exactly the same. 

```
$sha256sum SonixDeviceMFT.dll
e181006d410cce00ff1303a359c23612d0506b5c04988696cc5ff685e30fb789  SonixDeviceMFT.dll
$sha1sum SonixDeviceMFT.dll
de59320c2fdc90b24fab5bd70252759ba34e7d2e  SonixDeviceMFT.dll
$md5sum SonixDeviceMFT.dll
7627850eebde72a991e2fe1eb7c0f7dc  SonixDeviceMFT.dll
```

```
$ sha256sum SonixDeviceMFT.dll
c2bdcd4bd5b0b4257cd7d04861a5aba30cc4e3146c82b153d0abfbf1f4f1ada2  SonixDeviceMFT.dll
$ sha1sum SonixDeviceMFT.dll
409d1fe5e9008a2238050cf6b346ae81ddce741f  SonixDeviceMFT.dll
$ md5sum SonixDeviceMFT.dll
e087e30b3568b1de1e5a70520c3ba0dc  SonixDeviceMFT.dll
```

**The DLL file itself is not the issue here.** This version just indicated that something is wrong in the registry. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SonixDeviceMFT.dll (CVE-2023-51715) #247

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add SonixDeviceMFT.dll (CVE-2023-51715) #247

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions