Advantech WebAccess Webvrpcs Service DrawSrv Untrusted Pointer Dereference Exploit

The specific flaw exists within the implementation of the 0x2723 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this functionality to execute code under the context of Administrator.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2017-12719
Product Version: 
2017_R2
Released Date: 
Thursday, December 28, 2017 - 00:00