PT-2018-17975 · Microsoft · Windows

Elvin9

Published

2018-02-26

Updated

2018-03-22

CVE-2018-7249

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to KB3086255

Description An issue was discovered that can cause a race condition leading to a use-after-free, allowing an unprivileged attacker to run arbitrary code in the kernel. This is achieved through two carefully timed calls to IOCTL 0xCA002813.

Recommendations For Microsoft Windows versions prior to KB3086255, apply the update KB3086255 to resolve the issue.

Exploit

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

CVE-2018-7249

Affected Products

Windows

PT-2018-17975 · Microsoft · Windows

CVE-2018-7249

Weakness Enumeration

Related Identifiers

Affected Products

References · 3