Published: 26/02/2018 Updated: 22/03/2018

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 615

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

An issue exists in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 8.1
microsoft windows vista
microsoft windows 8
microsoft windows 7
tivo safedisc -

A PoC for CVE-2018-7249

NotSecDrv - A PoC code for CVE-2018-7249 General Description An issue was discovered in secdrvsys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 81 before KB3086255, and as shipped in Macrovision SafeDisc Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free When exploited, an unprivileged attacker

A PoC for CVE-2018-7250

SecDrvPoolLeak - A PoC for CVE-2018-7250 Description An issue was discovered in secdrvsys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 81 before KB3086255, and as shipped in Macrovision SafeDisc An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data T

CWE-362 CWE-416 https://github.com/Elvin9/NotSecDrv/blob/master/README.md https://nvd.nist.gov https://github.com/Elvin9/NotSecDrv

CVE-2018-7249

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect