Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow

Medium Nessus Plugin ID 28185


The remote Windows host contains a kernel driver that is prone to a local privilege escalation vulnerability.


Macrovision SafeDisc, a copy-protection application for Microsoft Windows, is installed on the remote host.

The 'SECDRV.SYS' driver included with the version of SafeDisc currently installed on the remote host allows a local user to gain SYSTEM privileges by passing a specially crafted argument to the METHOD_NEITHER IOCTL.


Upgrade to Macrovision SECDRV.SYS Driver version 4.3.86 or later.

Plugin Details

Severity: Medium

ID: 28185

File Name: macrovision_secdrv_priv_escalation.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2007/11/13

Modified: 2015/01/12

Dependencies: 11936, 13855, 10456

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With


Core Impact

Reference Information

CVE: CVE-2007-5587

BID: 26121

OSVDB: 41429

CWE: 119, 264