#VU16679 Buffer overflow in Wibukey - CVE-2018-3990
Published: December 24, 2018 / Updated: June 28, 2023
Vulnerability identifier: #VU16679
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-3990
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Wibukey
Wibukey
Software vendor:
Wibu Systems
Wibu Systems
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to buffer overflow in the 0x8200E804 IOCTL handler functionality of WibuKey.sys when handling malicious input. A local attacker can use a specially crafted IRP request, trigger kernel memory corruption and gain elevated privileges.
The weakness exists due to buffer overflow in the 0x8200E804 IOCTL handler functionality of WibuKey.sys when handling malicious input. A local attacker can use a specially crafted IRP request, trigger kernel memory corruption and gain elevated privileges.
Remediation
Update to version 6.50.