PT-2018-17976 · Microsoft · Windows

Published

2018-02-26

Updated

2018-03-21

CVE-2018-7250

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to KB3086255

Description An issue was discovered in secdrv.sys that allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data due to an uninitialized kernel pool allocation in IOCTL 0xCA002813.

Recommendations For Microsoft Windows versions prior to KB3086255, apply the update KB3086255 to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-7250

Affected Products

Windows

PT-2018-17976 · Microsoft · Windows

CVE-2018-7250

Weakness Enumeration

Related Identifiers

Affected Products

References · 3