PT-2020-9755 · Rivet · Rivet Killer Control Center
Published: 2020-03-20 · Updated: 2020-03-26 · CVE-2019-15663
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Rivet Killer Control Center versions prior to 2.1.1352
Description
An issue was discovered in Rivet Killer Control Center where IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges.
Recommendations
For versions prior to 2.1.1352, update to version 2.1.1352 or later to resolve the issue. As a temporary workaround, consider restricting access to the KfeCo10X64.sys driver to minimize the risk of exploitation.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Rivet Killer Control Center