Cogent — Cis-202 Iris Scanner Driver Windows 7 32 Bit

| CVE | Issue | Impact | |-----|-------|--------| | CVE-2019-1189 | Improper input validation in IOCTL 0x222000 | Local privilege escalation via buffer overflow in kernel pool | | CVE-2018-8213 | Driver allows arbitrary user-mode read of iris buffer | Information disclosure (iris template theft) | | No CVE (unpatched) | No IOMMU protection – DMA attacks possible if USB port accessible | Physical memory read/write |

// Pseudocode from decompiled cis202.sys NTSTATUS CaptureIrisImage(PDEVICE_EXTENSION dx, PUCHAR outBuffer, ULONG outLen) PURB urb = ExAllocatePool(NonPagedPool, sizeof(_URB_BULK_OR_INTERRUPT_TRANSFER)); urb->UrbBulkOrInterruptTransfer.TransferBufferLength = IRIS_RAW_SIZE; // 640*480 = 307200 bytes urb->UrbBulkOrInterruptTransfer.TransferBuffer = dx->IrisBuffer; // Non-paged pool urb->UrbBulkOrInterruptTransfer.TransferFlags = USBD_TRANSFER_DIRECTION_IN; IoCallDriver(dx->UsbDevice, urb); RtlCopyMemory(outBuffer, dx->IrisBuffer, outLen); cogent cis-202 iris scanner driver windows 7 32 bit

[Cogent.NTx86] %DeviceDesc%=CIS202_Install, USB\VID_1D3C&PID_0202 | CVE | Issue | Impact | |-----|-------|--------|

If you need a specific section expanded (e.g., full driver disassembly, Linux porting guide, or USB protocol dump), let me know. ULONG outLen) PURB urb = ExAllocatePool(NonPagedPool

[Version] Signature="$WINDOWS NT$" Class=Biometric ClassGuid=53D29EF7-377C-4D14-864B-EB3A85769359 Provider=%Cogent% DriverVer=09/15/2012,2.1.0.7 [Manufacturer] %MfgName%=Cogent, NTx86