    MoKB: Broadcom Wireless Driver Probe Response SSID Overflow

    The latest release of MoKB deals with a stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver. This leads to arbitrary kernel-mode code execution.


    The Zeroday Emergency Response Team (ZERT) has released an FAQ discussing the vulnerability.


    [snip]

    Q: Why is this vulnerability dangerous? It’s local; it can not be used through the Internet.


    A: Although it can not be exploited over the Internet, it can be used against your computer from a distance. If you are near other users with laptops, you are at risk. If you are at an airport, coffee shop, or using your computer with the wireless card enabled in any public place, you are at risk. It is remote by the means of RF transmissions, the distance is dependent on the attacker’s antenna and signal strength.


    Windows is exploitable without the existence of an Access Point (AP) or any interaction from the user. The card’s background scan of available wireless networks triggers the flaw.


    [snip]

    Technical details about the vulnerability are located on the MoKB site, and the proof-of-concept code is included in the latest Metasploit module.
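For driver authors and wireless sensor developers, the following added example (not from the original post, ZERT, or Broadcom) shows the bounds check a probe response parser needs before copying an SSID into a fixed-size buffer. It assumes the overflow comes from an SSID element longer than the 32 bytes 802.11 allows; the function names, result codes and sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0    /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32   /* longest SSID the 802.11 standard allows */

/* Hypothetical result codes for this example. */
enum { SSID_OK = 0, SSID_ABSENT = -1, IE_TRUNCATED = -2, SSID_OVERSIZED = -3 };

/* Walk the tagged elements that follow the fixed fields of a probe response
 * and copy the SSID into out, which holds exactly SSID_MAX_LEN bytes. */
int extract_ssid(const uint8_t *ies, size_t n, uint8_t *out, size_t *out_len)
{
    size_t off = 0;
    while (n - off >= 2) {
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > n - off)            /* element claims more bytes than the frame has */
            return IE_TRUNCATED;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)   /* untrusted length: reject before copying */
                return SSID_OVERSIZED;
            memcpy(out, ies + off, len);
            *out_len = len;
            return SSID_OK;
        }
        off += len;                   /* skip elements we do not care about */
    }
    return SSID_ABSENT;
}

/* Constructed sample element buffers (not captured traffic). */
static const uint8_t ies_ok[]  = { 0x01, 0x01, 0x82, 0x00, 0x04, 'c', 'a', 'f', 'e' };
static const uint8_t ies_cut[] = { 0x00, 0x08, 'a', 'b' };
static const uint8_t ies_big[2 + 33] = { 0x00, 33 };   /* 33-byte SSID of zero bytes */

/* Return only the result code, as a scan-path check or a sensor would. */
int classify(const uint8_t *ies, size_t n)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t len = 0;
    return extract_ssid(ies, n, ssid, &len);
}

int main(void)
{
    printf("%d %d %d\n", classify(ies_ok, sizeof ies_ok),
           classify(ies_cut, sizeof ies_cut), classify(ies_big, sizeof ies_big));
    return 0;
}
```

A wireless sensor can log every frame for which `classify` returns `SSID_OVERSIZED`, since a compliant access point never sends an SSID element longer than 32 bytes.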








     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice