Lucene search

MitreCVE-2019-9729

HistoryMar 12, 2019 - 10:29 p.m.

CVE-2019-9729

2019-03-1222:29:01

CWE-787

CWE-129

mitre

web.nvd.nist.gov

shanda maplestory

online v160

sdokeycrypt.sys

privilege escalation

cve-2019-9729

nvd

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.2%

JSON

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

Affected configurations

Nvd

Node

shandamaplestory_onlineMatch160.0

VendorProductVersionCPE
shandamaplestory_online160.0cpe:2.3:a:shanda:maplestory_online:160.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shanda	maplestory_online	160.0	cpe:2.3:a:shanda:maplestory_online:160.0:::::::*

References

github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.2%

JSON

Related for CVE-2019-9729