CVE-2007-5587: Buffer Overflow
First published: Fri Oct 19 2007(Updated: )
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2003 Server | ||
| Microsoft Windows XP | ||
| SafeDisc |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.48bits.com/?p=172
- http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15
- http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html
- http://www.microsoft.com/technet/security/advisory/944653.mspx
- http://www.securityfocus.com/bid/26121
- http://www.securitytracker.com/id?1018833
- http://secunia.com/advisories/27285
- http://securityreason.com/securityalert/3266
- http://www.us-cert.gov/cas/techalerts/TA07-345A.html
- http://osvdb.org/41429
- http://www.vupen.com/english/advisories/2007/3537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37284
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067
- http://www.securityfocus.com/archive/1/485268/100/0/threaded
- http://www.securityfocus.com/archive/1/482482/100/0/threaded
- http://www.securityfocus.com/archive/1/482474/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-5587?
CVE-2007-5587 has a high severity rating due to its potential for privilege escalation.
How do I fix CVE-2007-5587?
To fix CVE-2007-5587, users should upgrade to SafeDisc version 4.3.86.0 or later.
What systems are affected by CVE-2007-5587?
CVE-2007-5587 affects Microsoft Windows XP and Windows Server 2003 installations with vulnerable versions of SafeDisc.
What type of vulnerability is CVE-2007-5587?
CVE-2007-5587 is classified as a buffer overflow vulnerability.
Can CVE-2007-5587 be exploited remotely?
CVE-2007-5587 requires local access for exploitation, allowing local users to gain elevated privileges.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2003 server
- canonical/microsoft windows xp
- vendor/macrovision
- canonical/safedisc