CVE-2006-1197 - SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allo

CVE-2006-1197

Summary

SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.

References

http://www.securityfocus.com/archive/1/427410/100/0/threaded
http://www.securityfocus.com/bid/17070
https://exchange.xforce.ibmcloud.com/vulnerabilities/25162

Vulnerable Configurations

cpe:2.3:a:macrovision:safedisc:*:*:*:*:*:*:*:*
cpe:2.3:a:macrovision:safedisc:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2018 - 16:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	17070
bugtraq	20060311 Copy protection scheme SafeDisc allows privilege escalation
xf	safedisk-secdrv-gain-privileges(25162)

Last major update

18-10-2018 - 16:31

Published

13-03-2006 - 22:02

Last modified

18-10-2018 - 16:31