Detections
Analytics

CVE-2023-52271

medium

Description

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time).

References

https://hackread.com/dragonforce-ransomware-microsoft-teams-malware/

https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/

https://www.topazevolution.com/en/antifraud/

https://northwave-cybersecurity.com/vulnerability-notice-topaz-antifraud

Details

Source: Mitre, NVD

Published: 2024-01-08

Updated: 2025-06-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00052