Vulnerabilities > CVE-2019-15662 - Out-of-bounds Read vulnerability in Killernetworking Killer Control Center

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

killernetworking

CWE-125

NVD

Published: 2020-03-20

Updated: 2020-03-26

Summary

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges.

Vulnerable Configurations

Part	Description	Count
Application	Killernetworking Killernetworking Killer Control Center 1.4.1466 Killernetworking Killer Control Center 1.4.1474 Killernetworking Killer Control Center 1.4.1492 Killernetworking Killer Control Center 1.4.1494 Killernetworking Killer Control Center 1.4.1503 Killernetworking Killer Control Center 1.5.1608 Killernetworking Killer Control Center 1.5.1618 Killernetworking Killer Control Center 1.5.1757 Killernetworking Killer Control Center 1.5.1784 Killernetworking Killer Control Center 1.5.1804 Killernetworking Killer Control Center 1.5.1805 Killernetworking Killer Control Center 1.5.1822 Killernetworking Killer Control Center 1.5.1847 Killernetworking Killer Control Center 1.5.1852 Killernetworking Killer Control Center 1.5.1859 Killernetworking Killer Control Center 1.7.1016 Killernetworking Killer Control Center 1.7.1023 Killernetworking Killer Control Center 1.7.1030 Killernetworking Killer Control Center 1.7.1034 Killernetworking Killer Control Center 1.7.1053 Killernetworking Killer Control Center 1.7.1080 Killernetworking Killer Control Center 1.7.1089 Killernetworking Killer Control Center 2.0.1134 Killernetworking Killer Control Center 2.0.1159 Killernetworking Killer Control Center 2.0.1170 Killernetworking Killer Control Center 2.0.1175 Killernetworking Killer Control Center 2.1.1281 Killernetworking Killer Control Center 2.1.1295 Killernetworking Killer Control Center 2.1.1299 Killernetworking Killer Control Center 2.1.1313 Killernetworking Killer Control Center 2.1.1334	31

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References