CVE-2007-5587

medium

Description

Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.

References

http://blog.48bits.com/?p=172

http://osvdb.org/41429

http://secunia.com/advisories/27285

http://securityreason.com/securityalert/3266

http://www.microsoft.com/technet/security/advisory/944653.mspx

http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15

http://www.securityfocus.com/archive/1/482474/100/0/threaded

http://www.securityfocus.com/archive/1/482482/100/0/threaded

http://www.securityfocus.com/archive/1/485268/100/0/threaded

http://www.securityfocus.com/bid/26121

http://www.securitytracker.com/id?1018833

http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

http://www.vupen.com/english/advisories/2007/3537

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067

https://exchange.xforce.ibmcloud.com/vulnerabilities/37284

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584

Details

Source: MITRE

Published: 2007-10-19

Updated: 2018-10-15

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM