CVE-2024-12668
CVSS V2 None
CVSS V3 None
Description
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers.
Overview
- CVE ID
- CVE-2024-12668
- Assigner
- rapid7
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-16T14:56:17.136Z
- Last Modified Date
- 2024-12-16T16:14:22.987Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-12668 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12668 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-17 13:37:32 | Added to TrackCVE |