CVE-2007-5633

EXPLOITED

Alfredo Milani Comparetti SpeedFan <4.33 - Privilege Escalation

Title source: llm

Description

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ruben Santamarta · textlocalwindows

https://www.exploit-db.com/exploits/30681

View Code ZIP pw:eip

References (6)

[Exploit] http://www.bugtrack.almico.com/view.php?id=987

[Exploit] http://www.securityfocus.com/bid/26123

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37298

[Various Sources] http://www.reversemode.com/index.php?option=com_content&task=view&id=42&Itemid=1

[Third Party Advisory, VDB Entry] http://osvdb.org/41842

[Third Party Advisory] http://secunia.com/advisories/27312

Scores

EPSS 0.0023

EPSS Percentile 45.9%

Details

VulnCheck KEV 2018-03-06

Status published

Products (1)

almico/speedfan 4.33

Published Oct 23, 2007

Tracked Since Feb 18, 2026