Zero-day vulnerability in Windows

Advisory: SB2007110502 - Privilege escalation in Macrovision SafeDisc driver for Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2007-5587

CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-119 - Memory corruption

Description:

The vulnerability allows a local user to escalation privileges on vulnerable system.

The vulnerability exists due to incorrect handling of configuration parameters within Macrovision SafeDisc SECDRV.SYS driver, shipped by default with Windows XP and Windows 2003 operating systems. A local user pass specially crafted parameters to METHOD_NEITHER IOCTL and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability allows a local unprivileged user to elevate his privileges and gain administrative access to vulnerable system.

Note: the vulnerability is being actively exploited.

- Macrovision SafeDisc - 'SecDRV.SYS' Method_Neither Privilege Escalation [Exploit-DB]

External links:

http://www.securityfocus.com/archive/1/archive/1/482482/100/0/threaded
https://downloads.avaya.com/css/P8/documents/100063289
https://threats.kaspersky.com/en/vulnerability/KLA10257/
https://www.tenable.com/plugins/index.php?view=single&id=29311
https://technet.microsoft.com/en-us/library/security/ms07-067.aspx
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms07-067)%20vuln...
https://www.dshield.org/diary/Windows%2BXP%2Band%2B2003%2Blocal%2Bprivilege%2Bescalation%2Bvulnerabi...
https://blogs.technet.microsoft.com/msrc/2007/11/05/msrc-blog-security-advisory-944653/