
CERT-In Vulnerability Note CIVN-2007-155
Microsoft Windows Macrovision SafeDisc secdrv.sys driver Local Elevation of Privilege vulnerability

Original Issue Date: December 12, 2007

Severity Rating: Medium


Systems Affected

  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2

Overview

A vulnerability has been reported in the Microsoft Windows Macrovision SafeDisc secdrv.sys driver that could be exploited by a local attacker to take complete control of the vulnerable system.

Description

The Microsoft Windows Macrovision SafeDisc secdrv.sys driver is used by games. The driver validates the authenticity of games that are protected with SafeDisc and prevents unauthorized copies of such games from playing on Windows. The secdrv.sys driver is included with Microsoft Windows XP, Windows Server 2003, and Windows Vista to increase compatibility of the games on Windows. Without the driver, games with SafeDisc protection would be unable to play on Windows. SafeDisc remains inactive until invoked by a game for authorization to play on Windows.

This vulnerability is caused by the Macrovision driver incorrectly handling configuration parameters.
A malicious user could exploit this vulnerability to execute arbitrary code in the context of Local System and take complete control of the vulnerable system.

Note: Exploit code for this vulnerability is available on the Internet.

Workaround

  • Disable the secdrv.sys driver
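
One way to apply and verify this workaround from an administrator command prompt. This is an added example, not part of the CERT-In note or of Microsoft's bulletin, and it assumes the driver is registered under the service name secdrv:

```bat
@echo off
rem Added example: audit and disable the SafeDisc driver service.
rem Assumption: secdrv.sys is registered as the kernel service "secdrv".
setlocal
set SVC=secdrv

rem 1. Is the driver service registered at all?
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC% is not registered on this system; nothing to disable.
    exit /b 0
)

rem 2. Record the current start type and state before changing anything.
echo Current configuration:
sc qc %SVC% | findstr /i "START_TYPE"
sc query %SVC% | findstr /i "STATE"

rem 3. Prevent the driver from being started again.
rem    The space after "start=" is required by sc.exe.
sc config %SVC% start= disabled
if errorlevel 1 (
    echo Could not change the start type. Run this as an administrator.
    exit /b 1
)

rem 4. Unload the driver if it is loaded right now.
sc query %SVC% | findstr /i "RUNNING" >nul
if not errorlevel 1 sc stop %SVC%

rem 5. Verify that the change took effect.
sc qc %SVC% | findstr /i "DISABLED" >nul
if errorlevel 1 (
    echo Verification failed: %SVC% is not disabled.
    exit /b 1
)
echo %SVC% is disabled. SafeDisc-protected games will not run until it is re-enabled.
exit /b 0
```

Disabling the driver is a stopgap until the MS07-067 update is installed; the start type recorded in step 2 is the value to restore afterwards.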

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS07-067

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx

References


Microsoft
http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2007/3537

Secunia
http://secunia.com/advisories/27285

Security Tracker
http://securitytracker.com/alerts/2007/Oct/1018833.html

Security Focus
http://www.securityfocus.com/bid/26121/info

X-Force
http://xforce.iss.net/xforce/xfdb/37284

CVE Name
CVE-2007-5587


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003