Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege |
| Informations | |||
|---|---|---|---|
| Name | KB944653 | First vendor Publication | 2007-11-05 |
| Vendor | Microsoft | Last vendor Modification | 2007-12-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-067 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-067. The vulnerability addressed is the Macrovision Driver Vulnerability -CVE-2007-5587. |
Original Source
| Url : http://www.microsoft.com/technet/security/advisory/944653.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:4584 | |||
| Oval ID: | oval:org.mitre.oval:def:4584 | ||
| Title: | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege | ||
| Description: | Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-5587 | Version: | 1 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Macrovision |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41429 | Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-11 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : smb_nt_ms07-067.nasl - Type : ACT_GATHER_INFO |
| 2007-11-13 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : macrovision_secdrv_priv_escalation.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:38:46 |
|
| 2013-05-11 12:20:23 |
|
