CVE-2018-7249
Summary
| CVE | CVE-2018-7249 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-26 20:29:00 UTC |
| Updated | 2018-03-22 13:26:00 UTC |
| Description | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. |
Risk And Classification
Problem Types: CWE-362 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 7 | All | All | All | All |
| Operating System | Microsoft | Windows 8 | All | All | All | All |
| Operating System | Microsoft | Windows 8.1 | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | All | All |
| Application | Tivo | Safedisc | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NotSecDrv/README.md at master · Elvin9/NotSecDrv · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.