Vulnerability Name: CVE-2018-7249 (CCN-139584)
Assigned: 2018-02-26
Published: 2018-02-26
Updated: 2018-03-22
Summary: An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.
CVSS v3 Severity:
7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-362 CWE-416
Vulnerability Consequences: Gain Access
References:
Source: MITRE; Type: CNA; CVE-2018-7249
Source: XF; Type: UNKNOWN; microsoft-cve20187249-code-exec(139584)
Source: CCN; Type: GitHub Web site; NotSecDrv - A PoC code for CVE-2018-7249
Source: MISC; Type: Exploit, Third Party Advisory; https://github.com/Elvin9/NotSecDrv/blob/master/README.md
Source: CCN; Type: Microsoft Security Bulletin MS15-097; Description of the security update for the graphics component in Windows
Vulnerable Configuration:
Configuration 1:
Configuration 2:
Configuration CCN 1:
Denotes that component is vulnerable