SB2020080513 - Multiple vulnerabilities in SoftPerfect RAM Disk
Published: August 5, 2020
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-13522)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the "spvve.sys" driver. A local user can send a specially crafted I/O request packet (IRP) and delete any file on the filesystem.
2) Information disclosure (CVE-ID: CVE-2020-13523)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the "spvve.sys" driver. A local user can send a specially crafted I/O request packet (IRP) and gain unauthorized access to sensitive information on the system.
Remediation
Install the update from the vendor's website.