Buffer overflow in Wibukey - CVE-2018-3990
Published: December 24, 2018 / Updated: June 28, 2023
Vulnerability identifier: #VU16679
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-3990
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vendor: Wibu Systems
Affected software: Wibukey
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a buffer overflow in the handler for IOCTL 0x8200E804 in WibuKey.sys when it processes malicious input. A local attacker can send a specially crafted IRP request, trigger kernel memory corruption, and gain elevated privileges.
How to mitigate CVE-2018-3990
Update to version 6.50.