Описание
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers.
EPSS
8.2 High
CVSS3
Дефекты
Связанные уязвимости
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability whereby an attacker can subvert code-signing facilities leading to the ability to write the value zero anywhere in memory with the driver – without using the\nPMEM_WRITE_ENABLED compilation flag. This issue is remediated in version 4.1.
EPSS
8.2 High
CVSS3