Kernel Fun: MOKB-16-11-2006: NetGear WG111v2 Wireless Driver Long Beacon Overflow

Thursday, November 16, 2006

MOKB-16-11-2006: NetGear WG111v2 Wireless Driver Long Beacon Overflow

The NetGear WG111v2 wireless adapter (USB) ships with a version of WG111v2.SYS that is vulnerable to a stack-based buffer overflow. This overflow can lead to arbitrary kernel-mode code execution. The overflow occurs when a 802.11 beacon request is received that contains over 1100 bytes of information elements.

More details
Proof of concept: netgear_wg111_beacon.rb