CVE-2020-11520
HIGHWinMagic SecureDoc < 8.5 - Arbitrary Kernel Memory Write via SDDisk2k.sys IOCTL Dispatcher
Title source: llmDescription
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/
Release Notes, Vendor Advisory x_refsource_confirm
https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2-hf1
Scores
CVSS v3
7.8
EPSS
0.0042
EPSS Percentile
33.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
winmagic/securedoc
< 8.5
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026