CVE-2007-5587

EXPLOITED IN THE WILD

Macrovision Safedisc - Memory Corruption

Title source: rule

Description

Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Elia Florio · textlocalwindows

https://www.exploit-db.com/exploits/30680

View Code ZIP pw:eip

References (17)

[Exploit] http://blog.48bits.com/?p=172

[Various Sources] http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26121

[Third Party Advisory] http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-345A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37284

[Vendor Advisory] http://www.microsoft.com/technet/security/advisory/944653.mspx

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482474/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482482/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485268/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/41429

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018833

[Third Party Advisory] http://secunia.com/advisories/27285

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3537

[Third Party Advisory] http://securityreason.com/securityalert/3266

Scores

EPSS 0.0016

EPSS Percentile 36.5%

Details

VulnCheck KEV 2007-12-11

InTheWild.io 2018-10-15

CWE

CWE-119 CWE-264

Status published

Products (1)

macrovision/safedisc

Published Oct 19, 2007

Tracked Since Feb 18, 2026