CyberSec.Space Logo
Back to CVE Browser

CVE-2017-9769

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0160%
EPSS Percentile0.16th
PublishedAug 2, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

Affected Platforms (CPE)

πŸ“¦
Razer

Synapse

= 2.20.15.1104

References & Advisories

πŸ”— http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess
πŸ”— https://warroom.securestate.com/cve-2017-9769/
πŸ”— https://www.exploit-db.com/exploits/42368/
πŸ”— http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess
πŸ”— https://warroom.securestate.com/cve-2017-9769/
πŸ”— https://www.exploit-db.com/exploits/42368/

Related Vulnerabilities

CVE-2017-157089.8

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or al...

CVE-2019-188359.8

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /...

CVE-2018-165158.8

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging i...

CVE-2017-116528.4

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain pri...