CVE-2005-4176

AWARD Bios Modular 4.50pg - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4176. PoCs published by Endrazine.

AI-analyzed exploit summary This exploit code reads the BIOS keyboard buffer to extract preboot authentication passwords stored in memory. It writes the dumped password to a file, leveraging direct memory access to the BIOS buffer region.

Description

AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Endrazine · localwindows
https://www.exploit-db.com/exploits/26752

This exploit code reads the BIOS keyboard buffer to extract preboot authentication passwords stored in memory. It writes the dumped password to a file, leveraging direct memory access to the BIOS buffer region.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Multiple BIOS vendors and preboot authentication applications (e.g., Truecrypt 5.0, DiskCryptor 0.2.6, GRUB Legacy 0.97)
No auth needed
Prerequisites: Physical or local access to the target system · Execution in a privileged context (e.g., superuser on Linux)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Endrazine · clocalunix
https://www.exploit-db.com/exploits/26753

This exploit reads the BIOS keyboard buffer at a fixed memory address (0x041e) to extract preboot authentication passwords left in memory by vulnerable software. It also includes functions to clear or modify the buffer, demonstrating the vulnerability's impact.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Multiple vendors' BIOS and preboot authentication software (e.g., Truecrypt 5.0, DiskCryptor 0.2.6, GRUB Legacy 0.97, etc.)
No auth needed
Prerequisites: Access to /dev/mem (requires root on Linux)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
http://www.ivizsecurity.com/preboot-patch.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15751
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/419610/100/0/threaded
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/847537

Scores

EPSS 0.0126
EPSS Percentile 65.7%

Details

Status published
Published Dec 11, 2005
Tracked Since Feb 18, 2026