PT-2019-19826 · Shanda · Shanda Maplestory Online
Doublelabyrinth · Published 2019-03-12 · Updated 2020-08-24 · CVE-2019-9729
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Shanda MapleStory Online version V160
Description
The issue arises from the SdoKeyCrypt.sys driver, which fails to validate the IOCtl 0x8000c01c input value. This oversight leads to an integer signedness error and a heap-based buffer underflow, ultimately allowing privilege escalation to NT AUTHORITY\SYSTEM.
Recommendations
For Shanda MapleStory Online version V160, consider disabling the SdoKeyCrypt.sys driver as a temporary workaround until a patch is available. Restrict access to the IOCtl 0x8000c01c to minimize the risk of exploitation.
Exploit
Fix
Improper Validation of Array Index
Memory Corruption
Affected Products
Shanda Maplestory Online