PT-2020-9754 · Rivet · Rivet Killer Control Center

Dhanesh Kizhakkinan

Published

2020-03-20

Updated

2020-03-26

CVE-2019-15662

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rivet Killer Control Center versions prior to 2.1.1352

Description An issue was discovered where IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges.

Recommendations For Rivet Killer Control Center versions prior to 2.1.1352, update to version 2.1.1352 or later to resolve the issue. As a temporary workaround, consider restricting access to the KfeCo10X64.sys driver to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-15662

Affected Products

Rivet Killer Control Center

PT-2020-9754 · Rivet · Rivet Killer Control Center

CVE-2019-15662

Weakness Enumeration

Related Identifiers

Affected Products

References · 6