CVE-2018-7250

CVE Database · CVE-2018-7250

CVE-2018-7250

· N/AModified

CVSS v3.1

N/A

EPSS

3.03%

Published

Feb 26, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

Weaknesses (CWE)

CWE-200

Affected Products (5)

microsoft · windows_7vulnerable

microsoft · windows_8vulnerable

microsoft · windows_8.1vulnerable

microsoft · windows_vistavulnerable

tivo · safediscvulnerable

References (2)

https://github.com/Elvin9/SecDrvPoolLeak/blob/master/README.md

Third Party Advisory

https://github.com/Elvin9/SecDrvPoolLeak/blob/master/README.md

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs