CVE-2018-5410

HIGH

Dokan <1.2.0.1000 - Buffer Overflow

Title source: llm

Description

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/46155

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106274

[Third Party Advisory] https://cwe.mitre.org/data/definitions/121.html

[Patch, Third Party Advisory] https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/741315/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46155/

Scores

CVSS v3 7.8

EPSS 0.0098

EPSS Percentile 76.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (2)

dokan-dev/dokany 1.0.0.5000 - 1.2.0.1000

dokan_project/dokan 1.0.0.5000 - 1.2.0.1000

Published Jan 07, 2019

Tracked Since Feb 18, 2026