exploitDog

CVE-2019-9729

Опубликовано: 12 мар. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

Ссылки

https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
Exploit
Third Party Advisory
https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shanda:maplestory_online:160.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02419

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-129

Связанные уязвимости

GHSA-2cjm-39g8-5fv8

CVSS3: 7.8

github

больше 3 лет назад

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

EPSS

Процентиль: 84%

0.02419

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-129