CVE-2024-47006
📋 TL;DR
This vulnerability allows an authenticated attacker with local access to escalate privileges on Windows 10 systems by exploiting an uncontrolled search path in the Intel RealSense D400 Series UWP driver. The attacker could place a malicious DLL in a location that the driver searches, leading to arbitrary code execution with higher privileges. Only systems with the Intel RealSense D400 Series driver installed are affected.
💻 Affected Systems
- Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement capabilities.
Likely Case
An authenticated user with standard privileges escalates to administrator rights, allowing installation of malware, configuration changes, and access to protected resources.
If Mitigated
With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Exploitation requires an understanding of DLL search order hijacking and the ability to place malicious files in accessible directories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Intel advisory for latest patched version
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01240.html
Restart Required: Yes
Instructions:
1. Visit Intel Security Advisory INTEL-SA-01240
2. Download the latest Intel RealSense D400 Series UWP Driver
3. Install the updated driver
4. Restart the system
🔧 Temporary Workarounds
Restrict DLL search paths
Use Windows policies to restrict DLL search order and prevent loading from untrusted directories
Use Group Policy: Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker > DLL Rules
Remove vulnerable driver
Uninstall the Intel RealSense D400 Series UWP Driver if not needed
Control Panel > Programs > Uninstall a program > Select Intel RealSense D400 Series UWP Driver > Uninstall
🧯 If You Can't Patch
- Implement strict access controls to limit local authenticated user access to systems with the vulnerable driver
- Monitor for suspicious DLL loading events and file creation in system directories
🔍 How to Verify
Check if Vulnerable:
Check installed driver version via Device Manager > Imaging devices > Intel RealSense D400 Series > Driver tab
Check Version:
PowerShell: Get-WmiObject Win32_PnPSignedDriver | Where-Object {$_.DeviceName -like '*RealSense*'} | Select-Object DeviceName, DriverVersion
Verify Fix Applied:
Verify driver version matches or exceeds patched version from Intel advisory
📡 Detection & Monitoring
Log Indicators:
- Windows Event ID 4697: Service installation
- Unexpected DLL loading from user-writable directories
- Process creation with unexpected parent-child relationships
Network Indicators:
- Not applicable - local exploitation only
SIEM Query:
EventID=4697 AND (ServiceFileName LIKE '*realsense*' OR ServiceFileName LIKE '*d400*')
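The "Unexpected DLL loading from user-writable directories" indicator above can be checked against Sysmon Event ID 7 (Image loaded) records. The following is an added example, not part of the original page or Intel's code; the directory list, the elevated-account set, and the sample events (including the ExampleCam process and DLL names) are constructed assumptions.

```python
import json
import ntpath

# Assumed prefixes a standard user can write to; adjust to your environment.
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp", r"c:\temp")
# Accounts treated as elevated for severity purposes (assumption).
ELEVATED = {r"nt authority\system"}

# Constructed sample records using Sysmon Event ID 7 field names.
# Process and DLL names are placeholders, not real driver components.
SAMPLE_EVENTS = r'''
{"EventID": 7, "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Program Files\\ExampleCam\\camsvc.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true"}
{"EventID": 7, "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Program Files\\ExampleCam\\camsvc.exe", "ImageLoaded": "C:\\ProgramData\\ExampleCam\\helper.dll", "Signed": "false"}
{"EventID": 7, "User": "DESKTOP\\alice", "Image": "C:\\Users\\alice\\AppData\\Local\\App\\app.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\App\\lib.dll", "Signed": "true"}
{"EventID": 7, "User": "DESKTOP\\alice", "Image": "C:\\Program Files\\ExampleCam\\viewer.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\version.dll", "Signed": "false"}
{"EventID": 1, "User": "DESKTOP\\alice", "Image": "C:\\Windows\\System32\\cmd.exe"}
'''

def under_user_writable(path):
    """True if the normalized path sits below an assumed user-writable prefix."""
    p = ntpath.normpath(path).lower()  # collapses '..' so traversal cannot hide the real location
    return any(p == d or p.startswith(d + "\\") for d in USER_WRITABLE)

def detect(lines):
    """Return (severity, process, dll, signed) for each suspicious image load."""
    findings = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 7:
            continue  # only image-load events are relevant here
        proc, dll = ev["Image"], ev["ImageLoaded"]
        # A binary installed in a protected location that loads a DLL from a
        # user-writable one crosses a trust boundary; per-user apps loading
        # their own DLLs do not.
        if under_user_writable(dll) and not under_user_writable(proc):
            sev = "high" if ev.get("User", "").lower() in ELEVATED else "medium"
            findings.append((sev, proc, dll, ev.get("Signed")))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```
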