Описание
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
Ссылки
- Broken LinkPatch
- Broken LinkExploitPatch
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkExploitPatch
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.3 (включая)
cpe:2.3:a:pedestalsoftware:integrity_protection_driver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.0015
Низкий
9.8 Critical
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
EPSS
Процентиль: 36%
0.0015
Низкий
9.8 Critical
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-59