A Broadcom wireless device driver is vulnerable to a stack-based buffer overflow that could lead to attacks on...
computers from a distance, according to an advisory issued Saturday by the Month of Kernel Bugs.
The device driver, a Broadcom BCMWL5.SYS is bundled with a number of new PCs including HP, Dell, Gateway and eMachines. The Broadcom wireless device driver is vulnerable to a stack-based buffer overflow that can lead to arbitrary kernel-mode code execution, according to the advisory.
"This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field," the MKB said in its advisory.
Broadcom released a fixed driver to their partners, which provides updates for the affected products. Linksys, Zonet, and other wireless card manufactures also provide devices that ship with this driver, MKB said.
The volunteer group, Zero-day Threat Response Team (ZERT), labeled the vulnerability as "critical." computers located a short distance away from laptops are at risk as well as computers located in public spaces with an enabled wireless card in use, ZERT said.