CVE-2007-5633

2007-10-2317:46:00

mitre

web.nvd.nist.gov

speedfan.sys

msrs

read/write

unsigned drivers

windows vista x64

cve-2007-5633

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

Percentile

0.4%

JSON

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.

Affected configurations

Nvd

Node

microsoftwindows_vistax64

AND

almicospeedfanMatch4.33

VendorProductVersionCPE
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
almicospeedfan4.33cpe:2.3:a:almico:speedfan:4.33:*:*:*:*:*:*:*