CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
13.1%
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:* |
macrovision | safedisc | * | cpe:2.3:a:macrovision:safedisc:*:*:*:*:*:*:*:* |
blog.48bits.com/?p=172
osvdb.org/41429
secunia.com/advisories/27285
securityreason.com/securityalert/3266
www.microsoft.com/technet/security/advisory/944653.mspx
www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15
www.securityfocus.com/archive/1/482474/100/0/threaded
www.securityfocus.com/archive/1/482482/100/0/threaded
www.securityfocus.com/archive/1/485268/100/0/threaded
www.securityfocus.com/bid/26121
www.securitytracker.com/id?1018833
www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html
www.us-cert.gov/cas/techalerts/TA07-345A.html
www.vupen.com/english/advisories/2007/3537
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067
exchange.xforce.ibmcloud.com/vulnerabilities/37284
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584