Published: 05/03/2021 Updated: 16/03/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The MsIo64.sys driver prior to 1.1.19.1016 in MSI Dragon Center prior to 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
msi dragon center

stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system

CVE-2021-27965 Simple PoC for exploiting CVE-2021-27965 for LPE by spawning system cmd cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2021-27965 An issue was discovered in signed MICSYS windows driver (MsIo64sys) which may lead to compromisation of whole local system Driver's ioctl dispatch routine suffers from stack based buffer overflow in all IOCTL codes and also

CWE-120 https://github.com/kronl/cve/tree/master/MSI_Dragon_Center https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab https://nvd.nist.gov https://github.com/mathisvickie/CVE-2021-27965

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-27965

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect