CVE-2008-7211

Ensoniq PCI 1371 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7211. PoCs published by Ruben Santamarta.

AI-analyzed exploit summary The writeup describes a local privilege escalation vulnerability in Creative Ensoniq PCI ES1371 WDM drivers (es1371mp.sys 5.1.3612.0) on Windows Vista, allowing arbitrary kernel-level code execution. The issue is confirmed in VMware environments with Vista guests and sound enabled.

Description

CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer.

Exploits (1)

exploitdb WRITEUP

by Ruben Santamarta · textlocalwindows

https://www.exploit-db.com/exploits/30999

View Code ZIP pw:eip

The writeup describes a local privilege escalation vulnerability in Creative Ensoniq PCI ES1371 WDM drivers (es1371mp.sys 5.1.3612.0) on Windows Vista, allowing arbitrary kernel-level code execution. The issue is confirmed in VMware environments with Vista guests and sound enabled.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Creative Ensoniq PCI ES1371 WDM drivers (es1371mp.sys) 5.1.3612.0

Auth required

Prerequisites: Local access to a vulnerable Windows Vista system · Presence of vulnerable driver (es1371mp.sys 5.1.3612.0) · VMware environment with sound enabled (if applicable)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →