CVE-2005-4176

AWARD Bios Modular 4.50pg - Info Disclosure

Title source: llm

Description

AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Endrazine · localwindows

https://www.exploit-db.com/exploits/26752

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Endrazine · clocalunix

https://www.exploit-db.com/exploits/26753

View Code ZIP pw:eip

References (6)

[Various Sources] http://www.ivizsecurity.com/preboot-patch.html

[Various Sources] http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15751

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/419610/100/0/threaded

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/847537

[Various Sources] http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

Scores

EPSS 0.0079

EPSS Percentile 73.9%

Details

Status published

Published Dec 11, 2005

Tracked Since Feb 18, 2026