CVE-2018-7250

MEDIUM

Microsoft Windows Vista - Information Disclosure

Title source: rule

Description

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

Exploits (1)

nomisec WORKING POC 7 stars

by alonhr · poc

https://github.com/alonhr/SecDrvPoolLeak

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/Elvin9/SecDrvPoolLeak/blob/master/README.md

View Writeup ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.1178

EPSS Percentile 93.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_vista

tivo/safedisc

Published Feb 26, 2018

Tracked Since Feb 18, 2026