Количество 2
Количество 2
CVE-2024-12668
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers.
GHSA-9pc9-px3j-hxmw
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability whereby an attacker can subvert code-signing facilities leading to the ability to write the value zero anywhere in memory with the driver – without using the\nPMEM_WRITE_ENABLED compilation flag. This issue is remediated in version 4.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-12668 Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers. | CVSS3: 8.2 | 0% Низкий | около 1 года назад |
| GHSA-9pc9-px3j-hxmw Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability whereby an attacker can subvert code-signing facilities leading to the ability to write the value zero anywhere in memory with the driver – without using the\nPMEM_WRITE_ENABLED compilation flag. This issue is remediated in version 4.1. | CVSS3: 8.2 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу