Secure Endpoint

CVE-2009-5151

Missing Digital Signature

Published: May 11, 2018 | Last Updated: Sep 24, 2020

The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.

Security Updates

Product Platform Fix Versions Fix Version Release Date
Rpcnet.exe v857 and earlier Windows OS 898 Feb 1, 2011
Rpcnetp.exe v957 and earlier Windows BIOS 961 Jul 14, 2017

Mitigations

N/A

Work Arounds

N/A

Read more about NIST CVE-2009-5151

FAQs

Financial Services