Vulnerability Description
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Xp | All versions |
| Macrovision | Safedisc | All versions |
Related Weaknesses (CWE)
References
- http://blog.48bits.com/?p=172Exploit
- http://osvdb.org/41429
- http://secunia.com/advisories/27285
- http://securityreason.com/securityalert/3266
- http://www.microsoft.com/technet/security/advisory/944653.mspx
- http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&acti
- http://www.securityfocus.com/archive/1/482474/100/0/threaded
- http://www.securityfocus.com/archive/1/482482/100/0/threaded
- http://www.securityfocus.com/archive/1/485268/100/0/threaded
- http://www.securityfocus.com/bid/26121
- http://www.securitytracker.com/id?1018833
- http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_es
- http://www.us-cert.gov/cas/techalerts/TA07-345A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/3537
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-06
FAQ
What is CVE-2007-5587?
CVE-2007-5587 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 al...
How severe is CVE-2007-5587?
CVE-2007-5587 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5587?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows Xp, Macrovision Safedisc.