Vulnerability Name:

CVE-2007-5587 (CCN-37284)

Assigned:2007-10-16
Published:2007-10-16
Updated:2018-10-15
Summary:Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.7 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2007 - 18:07:23 CDT
Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day)

Source: MISC
Type: Exploit
http://blog.48bits.com/?p=172

Source: MITRE
Type: CNA
CVE-2007-5587

Source: OSVDB
Type: UNKNOWN
41429

Source: CCN
Type: SA27285
Macrovision SafeDisc secdrv.sys Privilege Escalation

Source: SECUNIA
Type: UNKNOWN
27285

Source: SREASON
Type: UNKNOWN
3266

Source: CCN
Type: SECTRACK ID: 1018833
Windows Macromedia Security Driver Buffer Overflow Lets Local Users Gain Elevated Privileges

Source: CCN
Type: ASA-2007-511
MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

Source: MSKB
Type: UNKNOWN
944653

Source: CCN
Type: Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

Source: CCN
Type: OSVDB ID: 41429
Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow

Source: CCN
Type: Reverse Mode News Archive, Friday, 19 October 2007
Symantec warns of local privilege escalation 0Day in Windows. Busted.

Source: MISC
Type: UNKNOWN
http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15

Source: BUGTRAQ
Type: UNKNOWN
20071017 Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day)

Source: BUGTRAQ
Type: UNKNOWN
20071018 [CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day)

Source: HP
Type: UNKNOWN
SSRT071506

Source: BID
Type: UNKNOWN
26121

Source: CCN
Type: BID-26121
Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018833

Source: MISC
Type: UNKNOWN
http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html

Source: CERT
Type: US Government Resource
TA07-345A

Source: VUPEN
Type: UNKNOWN
ADV-2007-3537

Source: MS
Type: UNKNOWN
MS07-067

Source: XF
Type: UNKNOWN
windows-secdrv-bo(37284)

Source: XF
Type: UNKNOWN
windows-secdrv-bo(37284)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4584

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:macrovision:safedisc:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:4584
    V
    		Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege
    2008-02-04
    BACK
    microsoft windows 2003 server *
    microsoft windows xp *
    macrovision safedisc *
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2