Vulnerability Name: | CVE-2018-7250 (CCN-139585) | ||||||||||||
Assigned: | 2018-02-26 | ||||||||||||
Published: | 2018-02-26 | ||||||||||||
Updated: | 2018-03-21 | ||||||||||||
Summary: | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. | ||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-7250 Source: XF Type: UNKNOWN microsoft-cve20187250-info-disc(139585) Source: CCN Type: GitHub Web site SecDrvPoolLeak - A PoC for CVE-2018-7250 Source: MISC Type: Third Party Advisory https://github.com/Elvin9/SecDrvPoolLeak/blob/master/README.md Source: CCN Type: Microsoft Security Bulletin MS15-097 Description of the security update for the graphics component in Windows | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |