Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow

medium Nessus Plugin ID 28185

Synopsis

The remote Windows host contains a kernel driver that is prone to a local privilege escalation vulnerability.

Description

Macrovision SafeDisc, a copy-protection application for Microsoft Windows, is installed on the remote host.

The 'SECDRV.SYS' driver included with the version of SafeDisc currently installed on the remote host enables a local user to gain SYSTEM privileges using a specially crafted argument to the METHOD_NEITHER IOCTL.

Solution

Upgrade to Macrovision SECDRV.SYS Driver version 4.3.86 or later.

See Also

https://www.securityfocus.com/archive/1/482482/100/0/threaded

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2007/944653

Plugin Details

Severity: Medium

ID: 28185

File Name: macrovision_secdrv_priv_escalation.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 11/13/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2007-5587

BID: 26121

CWE: 119, 264