Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-5587 | First vendor Publication | 2007-10-19 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5587 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:4584 | |||
| Oval ID: | oval:org.mitre.oval:def:4584 | ||
| Title: | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege | ||
| Description: | Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-5587 | Version: | 1 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Macrovision |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41429 | Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-11 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : smb_nt_ms07-067.nasl - Type : ACT_GATHER_INFO |
| 2007-11-13 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : macrovision_secdrv_priv_escalation.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:16:01 |
|
| 2024-11-28 12:13:49 |
|
| 2020-05-23 00:20:39 |
|
| 2019-03-19 12:02:35 |
|
| 2018-10-16 00:19:18 |
|
| 2018-10-13 00:22:38 |
|
| 2017-09-29 09:23:15 |
|
| 2017-07-29 12:02:37 |
|
| 2016-06-28 17:00:40 |
|
| 2016-04-26 16:44:11 |
|
| 2014-02-17 10:42:16 |
|
| 2013-05-11 10:39:57 |
|
