PT-2020-13600 · Softperfect · Softperfect Ram Disk

Published

2020-08-04

Updated

2022-06-07

CVE-2020-13523

CVSS v3.1

3.8

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SoftPerfect RAM Disk version 4.1

Description An exploitable information disclosure issue exists in the spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this issue.

Recommendations For SoftPerfect RAM Disk version 4.1, consider disabling the spvve.sys driver as a temporary workaround until a patch is available. Restrict access to the driver to minimize the risk of exploitation. Avoid using the driver in sensitive environments until the issue is resolved.

Exploit

Fix

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

CVE-2020-13523

Affected Products

Softperfect Ram Disk

PT-2020-13600 · Softperfect · Softperfect Ram Disk

CVE-2020-13523

Weakness Enumeration

Related Identifiers

Affected Products

References · 4