Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLucas Leong (@wmliang) of Trend Micro Security ResearchZDI-18-578
HistoryJun 13, 2018 - 12:00 a.m.

Microsoft Windows ksecdd IOCTL 0x390400 Out-Of-Bounds Read Information Disclosure Vulnerability

2018-06-1300:00:00
Lucas Leong (@wmliang) of Trend Micro Security Research
www.zerodayinitiative.com
83

0.002 Low

EPSS

Percentile

52.5%

JSON

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ksecdd IOCTL 0x390400, which is implemented in cng.sys. Crafted parameters to this IOCTL can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM.

Related

mskb 13
symantec 1
mscve 1
prion 2
cvelist 2
cve 2
nvd 2
nessus 9
kaspersky 2
openvas 7
talosblog 1
trendmicroblog 1
mskb
mskb
Description of the security update for the Windows kernel information disclosure vulnerability in Windows Server 2008: June 12, 2018
2018-06-12 07:00:00
Description of the security update for vulnerabilities in Windows Server 2008: June 12, 2018
2018-06-12 07:00:00
June 12, 2018—KB4284846 (Security-only update)
2018-06-12 07:00:00
symantec
symantec
Microsoft Windows Kernel CVE-2018-8207 Local Information Disclosure Vulnerability
2018-06-12 00:00:00
mscve
mscve
Windows Kernel Information Disclosure Vulnerability
2018-06-12 07:00:00
prion
prion
Information disclosure
2018-06-14 12:29:00
Information disclosure
2018-06-14 12:29:00
cvelist
cvelist
CVE-2018-8121
2018-06-14 12:00:00
CVE-2018-8207
2018-06-14 12:00:00
cve
cve
CVE-2018-8121
2018-06-14 12:29:00
CVE-2018-8207
2018-06-14 12:29:00
nvd
nvd
CVE-2018-8121
2018-06-14 12:29:00
CVE-2018-8207
2018-06-14 12:29:00
nessus
nessus
Security Updates for Windows Server 2008 (June 2018)
2018-06-12 00:00:00
KB4284846: Windows Server 2012 June 2018 Security Update
2018-06-12 00:00:00
KB4284867: Windows 7 and Windows Server 2008 R2 June 2018 Security Update
2018-06-12 00:00:00
kaspersky
kaspersky
KLA11892 Multiple vulnerabilties in Microsoft Products (ESU)
2018-06-12 00:00:00
KLA11266 Multiple vulnerabilities in Microsoft Windows
2018-06-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4284815)
2018-06-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4284826)
2018-06-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4284860)
2018-06-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - June 2018
2018-06-12 11:58:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
2018-06-15 12:39:57

0.002 Low

EPSS

Percentile

52.5%

JSON
Related for ZDI-18-578
mskb13symantec1mscve1prion2cvelist2cve2nvd2nessus9kaspersky2openvas7talosblog1trendmicroblog1