CVE-2018-7250
Summary
| CVE | CVE-2018-7250 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-26 20:29:00 UTC |
| Updated | 2018-03-21 16:45:00 UTC |
| Description | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 7 | All | All | All | All |
| Operating System | Microsoft | Windows 7 | All | All | All | All |
| Operating System | Microsoft | Windows 8 | All | All | All | All |
| Operating System | Microsoft | Windows 8 | All | All | All | All |
| Operating System | Microsoft | Windows 8.1 | All | All | All | All |
| Operating System | Microsoft | Windows 8.1 | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | All | All |
| Application | Tivo | Safedisc | - | All | All | All |
| Application | Tivo | Safedisc | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecDrvPoolLeak/README.md at master · Elvin9/SecDrvPoolLeak · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.