CVE-2007-5633

EXPLOITED

Alfredo Milani Comparetti SpeedFan <4.33 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2007-5633 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Ruben Santamarta.

AI-analyzed exploit summary The provided text describes a local privilege escalation vulnerability in SpeedFan, allowing arbitrary code execution with SYSTEM privileges. It references a binary exploit hosted on GitLab but does not include actual exploit code.

Description

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ruben Santamarta · textlocalwindows

https://www.exploit-db.com/exploits/30681

View Code ZIP pw:eip

The provided text describes a local privilege escalation vulnerability in SpeedFan, allowing arbitrary code execution with SYSTEM privileges. It references a binary exploit hosted on GitLab but does not include actual exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: SpeedFan (version not specified)

No auth needed

Prerequisites: Local access to the target system · Vulnerable version of SpeedFan installed

MITRE ATT&CK