CVE-2024-33228

HIGH

Insyde Software Corp SEG Windows Driver <100.00.07.02 - Privilege E...

Title source: llm

Description

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

References (1)

Core 1

Core References

Various Sources

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33228

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0027

EPSS Percentile 19.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published May 22, 2024

Tracked Since Feb 18, 2026