Vulnerabilities > CVE-2018-7249 - Use After Free vulnerability in multiple products

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

microsoft

tivo

CWE-416

NVD

Published: 2018-02-26

Updated: 2024-11-21

Summary

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows Vista * Microsoft Windows 8.1 * Microsoft Windows 7 * Microsoft Windows 8 *	4
Application	Tivo Tivo Safedisc -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/Elvin9/NotSecDrv/blob/master/README.md
https://github.com/Elvin9/NotSecDrv/blob/master/README.md